INTERNAL DATA PROTECTION AUDIT OR REGULATORY CONTROL?
Data protection controls may take two forms. Enterprises can ensure their own compliance by means of regular internal data protection audits, or they can wait until the responsible supervisory authority takes the opportunity to carry out its own inspection of the controller. The latter alternative appears to be tactically unwise. Therefore, we advise our clients to conduct annual data protection audits. We believe that this is the only way to adequately ensure compliance with legal requirements.
During the on-site inspection, the supervisory authority may examine whether your organization has complied with the legal requirements on data protection. If this is not the case, a fine could be imposed on the controller. This risk may be prevented by conducting internal data protection audits.
The supervisory authority could report any legal violations it identifies to other authorities entitled to prosecute, such as the Trade Supervisory Board. Trade-related measures could be taken against the controller as a result. Regular audits can prevent this.
If a national supervisory authority establishes a data protection offense, it may inform the supervisory authorities of other Member States. This could mean that the branch offices of the controller become subject to inspection in the other Member States, which could lead to even higher fines. This risk may be reduced by regular data protection audits.