0800 / 27 00 001
We are thrilled to serve you
Data protection audits and gap analyses
Violations of the data protection requirements turn out to be a major risk. If a data protection breach is detected, a big fine may be imposed. Whether your organization complies with data protection regulations can be determined by the supervisory authority through a standard audit. Companies are responsible for their own compliance with the GDPR. The measures to be taken vary depending on the industry and the company. Relevant is, how personal data is handled. Data protection audits are used to determine and verify necessary data protection measures.
Data protection Audits
There are various reasons why companies decide to conduct audits.
Reason 1: Audits as a building block on the way to secure data protection
A holistic data protection concept ensures the highest level of security within corporate data protection. Its development begins with the initial analysis. Within the scope of the audit, we determine which data protection risks exist. Then your data-processing procedures are examined. Based on the results of the data protection audit, we develop a detailed action plan. It provides specific recommendations for implementation and at the same time serves as a tracking tool. Beyond the audit, we are happy to provide support in implementing the catalogue of measures.
Reason 2: Data protection audit to check the data protection concept
If you have already developed and implemented a data protection concept, our data protection audit is the right control instrument. Within the scope of the audit, we check all relevant areas and determine whether an appropriate level of data protection exists and if the data protection requirements are met. Even if you have already appointed a data protection officer, our audit is an external support service that supports him or her and provides additional security. The tasks of the data protection officer have changed somewhat with the introduction of the GDPR. He does not have to take care of all data protection issues in detail himself, instead he has to exercise a control function.
Reason 3: Control of contract processing / renewal of certifications
Some companies have personal data processed by external partners. Such data processing must be linked to contracts that require regular review. In some cases, a certification of the data protection concept is even required. Such reviews of processing activities can be verified in an audit report. Thus these reviews represent a permanent further development of the data protection concept as well as further measures for compliance with data protection requirements.
Our approach is to fully consider the issue of data protection within your organization. We then derive measures that ensure adequate security. Our approach is pragmatic and economical. This means that your data protection goals are not only achieved securely, but also quickly and at attractive costs. By the way: Before a data protection auditor starts the analysis, he or she will discuss all details with you.
Data protection gap analyses
Legislation requires that you deal intensively with the topic of data protection. Legal requirements, recommendations from supervisory authorities and various court decisions must be taken into account.
Would you like to know how well you are positioned with regard to the implementation of data protection measures? Have you thought of everything?
In addition to the audits mentioned above, we also offer to conduct a gap analysis. For this purpose, we have developed an Excel tool with which we can record your current status in order to obtain an overview of your existing level of data protection. From the experience of numerous data protection breaches reported to the supervisory authorities, we have learned which issues are important. We have compiled the 100 most important aspects, divided them into 10 categories and integrated them into the Excel tool. This allows us to compare the current situation (current state) with the target state and identify gaps that still need to be closed (see graphic below). From this, we create a catalogue of measures for you to improve and optimize your level of data protection.
If you also commission us with the implementation of this project, we will take care of the creation of a project plan, the definition of corresponding work packages and their follow-up as well as regular reporting. The graphic below shows an exemplary progress diagram from a real project. You can see the monthly progress as well as the status after the end of the project. This clear presentation is particularly useful for business managers.
We would be happy to provide you with information in an initial free and non-binding consultation.