Data Protection Audit


Irrespective of determining the status quo or fulfilling the accountability according to Art. 5 para. 2 GDPR – carrying out data protection audits is a critical component to obtain an overview of the actual implementation of the legal provisions. Are all required documents available and up-to-date? Do the processors involved have to be audited again? Are there new software applications? Are there any open points when employees use the company’s means of communication? These and other questions must be discussed regularly in order not to lose sight of the entire complex.

The audit includes everything that is relevant to privacy law, such as process descriptions, contracts, software applications or the actual and undocumented status quo. Based on all provided or publicly accessible information, relevant privacy areas are worked out and evaluated as well as documented in a comprehensive report. This report can then be used as a basis for the further procedure and structuring of open points. At the same time, it serves as a component for data protection documentation and the fulfilment of accountability.

In auditing, MORGENSTERN is guided by practical experience gained from accompanying and representing in connection with data protection audits of the supervisory authorities of different federal states and the documents requested in this context as a basis for auditing.