A regular data protection audit makes sense for the person responsible because it represents a suitable control measure by means of which compliance with legal regulations is determined and documented.
All employees who have or may have access to personal data should receive at least annual data protection training. New employees should be obliged to keep secrets as soon as they join the company. Departing employees are obliged to hand over all equipment and documents containing personal data to another person who is obliged to maintain data secrecy.
In order to support the data protection officer of a company and to independently document the implementation of the legal regulations, the German Society for Data Protection recommends internal data protection audits.
Information collection and analysis of the data processing process
Data differentiation according to legally protected and other data
For better protection of personal data
The first step of a data protection audit is to identify the types of data held by the person responsible. In corporations or groups of companies, however, it is first necessary to identify the person responsible.
The data protection auditors of the German Society for Data Protection examine the procedures and document the company-related processes. The data processing systems used in the company are checked and stored in the audit documentation. A detailed analysis of the data processing is carried out by questioning the employees and, if necessary, the members of the employee representatives. The knowledge gained is documented.
An anonymous company-wide survey may give our data protection auditors an even clearer picture of the data use and storage processes of the person responsible. Employees are also asked whether they understand and comply with the data protection guidelines.
The auditors of the Deutsche Gesellschaft für Datenschutz check whether the data protection guidelines and procedures are appropriate and proportionate and whether they have been correctly implemented by the person responsible.
The data protection basic structure of the person responsible is finally documented after a complete check. Recommendations for the protection of personal data are given below if the auditors deem this necessary.
How are individuals who are permitted to request data identified?
Are there systems that prevent unauthorized access to data?
Is there a system that monitors access to data?
How is the privacy policy communicated?
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |