A regular data protection audit makes sense for the person responsible because it is a suitable control measure for determining and documenting compliance with legal regulations.
All employees who have or may have access to personal data should receive data protection training at least annually. New employees should be bound to data secrecy as soon as they join the company. Departing employees are obliged to hand over all equipment and documents containing personal data to another person who is obliged to maintain data secrecy.
In order to support the data protection officer of a company and to independently document the implementation of the legal regulations, the German Society for Data Protection recommends internal data protection audits.
Information collection and analysis of the data processing process
Data differentiation according to legally protected and other data
For better protection of personal data
The first step of a data protection audit is to identify the types of data held by the person responsible. In corporations or groups of companies, however, it is first necessary to identify the person responsible.
The data protection auditors of the German Society for Data Protection examine the procedures and document the company-related processes. The data processing systems used in the company are checked and recorded in the audit documentation. A detailed analysis of the data processing is carried out by questioning the employees and, if necessary, the members of the employee representatives. The knowledge gained is documented.
An anonymous company-wide survey may give our data protection auditors an even clearer picture of the data use and storage processes of the person responsible. Employees are also asked whether they understand and comply with the data protection guidelines.
The auditors of the Deutsche Gesellschaft für Datenschutz check whether the data protection guidelines and procedures are appropriate and proportionate and whether they have been correctly implemented by the person responsible.
The basic data protection structure of the person responsible is documented once the check is complete. Recommendations for the protection of personal data are given below if the auditors deem this necessary.
How are individuals who are permitted to request data identified?
Are there systems that prevent unauthorized access to data?
Is there a system that monitors access to data?
How is the privacy policy communicated?