Auditing the Data Protection Organization

At the latest since the EU General Data Protection Regulation (GDPR) came into force in May 2018, data protection compliance has been on the risk map for internal auditing. The significant liability/sanction risks as well as the increased accountability requirements have led to the implementation of data protection management systems in companies and in the public sector.

The changed initial situation requires a clear data protection strategy, an effective data protection process, and its monitoring by Internal Audit.

The DIIR working group Internal Audit & Data Protection has drafted a structured procedure (in the form of a checklist) for reviewing the data protection organization and its effectiveness in the company, which can provide an important framework for the approaches and regulations to be observed in the context of data protection.

The Checklist for auditing the data protection organization can be found here.

PS: Please note that the checklist is only available in German.


PPS: Do you already know the new newsletter of the Chair of Internal Auditing at the University of Duisburg-Essen? Click here to register.