The GDPR compliance audit constitutes the first stage of preparing the entrepreneur for the requirements of the GDPR.

The audit of the compliance of the processing of personal data with the legal principles resulting from the GDPR is required to identify:

  • the assets participating in the processing of personal data;
  • the processes of personal data processing which take place in the company;
  • the security measures used by the controller of personal data;
  • the main susceptibilities to the risk of a personal data protection breach;
  • whether a data protection officer must be appointed.

Without identification of the aforementioned elements it is almost impossible to:

  • reliably analyze the risk of a personal data protection breach;
  • prepare adequate documentation establishing the principles of personal data protection in the company;
  • secure personal data adequately;
  • prove compliance with GDPR requirements.

We perform the audit using one of the following two approaches:

  • by visiting the Client's office and conducting interviews with key personnel involved in the processing of personal data in the company;
  • using a list of over 100 questions concerning the scope and methods of processing of personal data by the Client.

Regardless of the method of conducting the audit, it ends with a report summarizing the audit findings and containing basic recommendations regarding advised changes in the field of personal data processing.

Paweł Borek, attorney at law | Krzysztof Doliński, attorney at law

GDPR | Legal Office in Poznan