
Data Protection Audit

Data protection audit according to GDPR

The GDPR poses major challenges for companies and their service providers, as well as for developers and operators of websites or online shops: implementing data protection regulations is expensive, and there is a risk of high fines if the legal requirements are not met.
This is where TÜVIT can help: with our flexible data protection audits.


Continuous improvement of data security

By identifying data protection gaps, including recommendations for action to rectify them, you optimise the level of data protection in your company.

Greater trust in your company

The regular performance of data protection audits strengthens the trust of customers, business partners and employees in operational data protection.

Legal protection (GDPR)

With the help of data protection audits, you can verify proper compliance with data protection regulations and reduce the risk of fines.


What is a GDPR data protection audit?

A data protection audit is a voluntary review of an organisation's data protection compliance.

A data protection audit determines the extent to which the existing data protection regulations have already been implemented within an organisation (actual status) and where there may still be potential for optimisation with regard to the GDPR and the BDSG (target status). Based on the results, appropriate measures for improvement and recommendations for action are then made.

Data protection audits are carried out by external, independent data protection experts.

At a glance

Benefits of a data protection audit

A data protection audit in accordance with the GDPR provides a sound basis for evaluating and further developing your internal data protection management. It helps to uncover weaknesses, derive targeted improvement measures for these and at the same time strengthen data protection awareness within the company - without placing an additional burden on your internal resources.

  • Identification of data protection risks
    A data protection audit uncovers potential data protection gaps and provides you with recommendations on how to rectify them.
  • Raising employee awareness
    A data protection audit also raises employee awareness of the issue of data protection.
  • Optimisation of operational data protection
    Our detailed audit report forms the basis for continuous optimisation of data protection in your company.
  • Conservation of human resources
    The audit is carried out by our experts.

Subjects of a data protection audit

  • Organisation
  • Processes
  • Video surveillance equipment
  • Suppliers
  • Specific areas
  • Processors (Art. 28 GDPR)
  • Call centres
  • Websites

Further test objects can be individually agreed with us.

We will support you – no matter what

Get started at last!

We advise you


TÜV NORD IT Secure Communication I Berlin
Goal achieved?

We check that


TÜV Informationstechnik I Essen

Frequently Asked Questions (FAQ)

What you need to know about the data protection check

Because the GDPR requires companies to introduce and continuously improve a data protection management system and to provide evidence of this, regular data protection audits are generally useful for all companies.

You can use the following questions to check whether you actually need one:

  • Have you appointed an internal or external data protection officer?
  • Are your IT systems adequately protected by a functioning data backup, firewall and encryption?
  • Are your premises, server rooms and offices fully protected?
  • Have you concluded up-to-date data processing agreements with your IT service providers in accordance with Art. 28 GDPR? Have these been checked for the minimum content required under data protection law?
  • Are the marketing and sales departments familiar with the requirements of the GDPR and are they implementing them (example: double opt-in)?
  • Is there sufficient IT documentation?
  • Does your company only collect data from employees, customers and partners that it is authorised to process?

If you were unable to answer "yes" to all of these questions, a data protection audit is recommended at the earliest opportunity.

With regard to the respective audit object, the focus is on data protection documentation, data protection organisation and data security, among other things.

As the GDPR affects all companies that process personal data, a data protection audit is recommended for all companies, regardless of their size.

As the cost of a data protection audit depends on the effort ultimately involved, no general figure can be given. Please contact us for a customised quote.

In principle, data protection audits should be carried out at regular intervals, as new data protection measures may become necessary due to changes within the company. It is therefore advisable to carry out a data protection audit once a year in order to identify and eliminate any new risks.

Since the GDPR came into force, if not before, the topic of data protection has moved further into the public eye. More and more companies and private individuals attach importance to the appropriate handling of personal data by providers of products and/or services. An audit, including an audit report, carried out by an independent body and an established industry expert such as TÜVIT, analyses your current data protection status and uncovers potential data protection gaps.

Why we are a strong partner for you

Good reasons that speak in our favour
