Post by juthi52943 on Jan 4, 2024 10:56:05 GMT
What should be the result of a GDPR audit? The audit should result in a report. It must be a professional and comprehensive document. In addition to formal elements regarding the method and principles of conducting the audit, it should take into account all irregularities in the field of personal data protection that were identified during the audit. Remember! The criteria in the audit must be clear to its recipients.
Therefore, only descriptions of the facts and the auditors Job Function Email List comments will not be sufficient. It is important to adopt unambiguous assessments and indicate whether a given element is compliant or inconsistent with the GDPR. Alternatively, do we see any potential risk associated with it? From the administrators point of view, the most important part of the report are the recommendations.
At ODO , we prepare reports in which: first of all, the implementation of general obligations is indicated and assessed, and then – analyzed implementation of GDPR requirements for individual processes. The second part of the report consists of: analysis of the organizational and technical measures used to protect personal data, and IT systems analysis. We create the report in the form of tables in which we clearly indicate where in the GDPR the analyzed requirements can be found.
Therefore, only descriptions of the facts and the auditors Job Function Email List comments will not be sufficient. It is important to adopt unambiguous assessments and indicate whether a given element is compliant or inconsistent with the GDPR. Alternatively, do we see any potential risk associated with it? From the administrators point of view, the most important part of the report are the recommendations.
At ODO , we prepare reports in which: first of all, the implementation of general obligations is indicated and assessed, and then – analyzed implementation of GDPR requirements for individual processes. The second part of the report consists of: analysis of the organizational and technical measures used to protect personal data, and IT systems analysis. We create the report in the form of tables in which we clearly indicate where in the GDPR the analyzed requirements can be found.