A regular data protection audit is useful for the controller, because it is an appropriate control measure by means of which compliance with the legal requirements is determined and documented.
All employees who have access or may have access to personal data should at least receuve regular data protection trainings. New employees should step by step be committed to the confidentiality, when they join the enterprise. Retiring employees are obligated to hand over all equipment and documents containing personal data over to another person, who is committed to data secrecy.
In order to support the data protection officer of an enterprise and to document the implementation of the legal requirements in the independent manner, the German Association for Data Protection advises on internal data protection audits.