Data protection audits according to GDPR


Data protection audit: check your company's data protection compliance

The GDPR poses major challenges for companies or their service providers as well as developers and operators of websites or online stores. On the one hand, implementing all applicable data protection regulations can be extremely costly. On the other hand, processors of personal data risk high fines if they do not comply with the legal requirements.

This is where TÜVIT can help: with our flexible data protection audits, we cover almost all areas from a technical and legal perspective, identify optimization potential and support you with regard to the continuous improvement of your operational data protection.
 

  Continuous improvement of data security in your company

By identifying data protection gaps, including recommendations for action to rectify them, you optimize the level of data protection in your company.
 

  Greater trust among customers, partners and employees

The performance of regular data protection audits strengthens the trust of customers, business partners and employees in operational data protection.
 

  Legal certainty with regard to the GDPR

With the help of data protection audits, you can check proper compliance with data protection regulations and reduce the risk of fines.

What is a data protection audit?

A data protection audit is a voluntary review of a company's data protection compliance. 

A data protection audit determines the extent to which the existing data protection regulations have already been implemented within an organization (actual status) and where there may still be potential for optimization with regard to the GDPR (target status). Based on the results, appropriate measures for improvement and recommendations for action are then made. 

Data protection audits are carried out by external, independent data protection experts.

The benefits of a data protection audit


Identification of data protection risks
A data protection audit uncovers potential data protection gaps and provides you with recommendations on how to rectify them. 
 


Optimization of operational data protection
Our detailed audit report forms the basis for continuous optimization of data protection in your company.
 


Raising employee awareness
A data protection audit also increases employee awareness of the subject of data protection.
 


Saving human resources
The audit is carried out by our experts.
 

Test objects of a data protection audit


 

  Organization

  Processes

  Video surveillance equipment

  Suppliers

  Specific areas

  Processor (Art. 28 GDPR)

  Call Center

  Websites

Further test items can be individually agreed with us.


 

Data protection audit: The process in 3 steps


1. Document audit

The scope of the assessment is determined. You can submit the documents of your data protection management and have them checked by our experts.


2. Data protection audit (on-site phase)

Our auditors inspect your physical facilities and/or digital offerings: Does the documentation adequately cover the object of the audit, and does it comply with the GDPR?


3. Audit report

You receive a comprehensive audit report that includes the evaluation of the documents and the audit. It provides evidence of compliance with legal requirements and, if necessary, gives information on how to improve data protection.

Are you interested in a data protection audit?

Frequently asked questions (FAQ) about the data protection audit

When is a data protection audit a good idea?

In light of the fact that the GDPR requires companies to introduce and continuously improve a data protection management system and provide evidence of this, regular data protection audits are generally useful for all companies.

You can use the following questions to check whether you actually need one:

  • Have you appointed an internal or external data protection officer?
  • Are your IT systems adequately protected by a functioning data backup, firewall and encryption?
  • Are your premises, server rooms and offices fully protected?
  • Have you concluded up-to-date order processing contracts with your IT service providers in accordance with Art. 28 GDPR? Have these been checked for the minimum content under data protection law?
  • Are the marketing and sales departments familiar with the requirements of the GDPR and are they implementing them (example: double opt-in)? 
  • Is there sufficient IT documentation?
  • Does your company only collect data from employees, customers and partners that it is authorized to process?

If you were unable to answer "yes" to all of these questions, a data protection audit is recommended at the earliest opportunity.

Which companies should carry out audits?

As the GDPR affects all companies that process personal data, a data protection audit is recommended for all companies, regardless of their size.

How often should a data protection audit be carried out?

In principle, data protection audits should be carried out at regular intervals, as new data protection measures may become necessary due to changes within the company. It is therefore advisable to carry out a data protection audit once a year in order to identify and eliminate any new risks.

What is examined as part of the data protection audit?

The focus of the audit is on data protection documentation, data protection organization and data security with regard to the respective audit object.

What does a data protection audit cost?

As the cost of a data protection audit depends on the final effort involved, there is no general answer to this question. Please contact us for an individual offer.

What are the benefits of a GDPR audit by TÜVIT?

Since the GDPR came into force at the latest, the topic of data protection has moved further into the public eye. More and more companies and private individuals attach importance to the appropriate handling of personal data by providers of products and/or services. An audit, including an audit report, carried out by an independent body and an established industry expert such as TÜVIT, examines your current data protection status and uncovers potential data protection gaps.

Why we are a strong partner for you

Independence

Our employees are not subject to any conflicts of interest, as they are not committed to any product suppliers, system integrators, stakeholders, interest groups or government agencies.

Expertise

With us, you have an interdisciplinary team with over 15 years of experience and expertise in the field of data protection at your side.

International network of experts

Around the globe: We support you both nationally and internationally. Our global network of experts is ready to support you with advice and practical help on all IT security issues.

Industry experience

Thanks to many years of experience in different branches of industry, we can serve companies from a wide range of industries.

Tailor-made for you

We focus on individual services - and solutions - that optimally fit your current company situation and your set goals.

 

Do you have questions? We are happy to help!

  

Samantha Murmann

Product Manager Data Protection & E-Health 

+49 201 8999 699
s.murmann@tuvit.de

Further services

EU General Data Protection Regulation

From May 25, 2018 the requirements of the EU General Data Protection Regulation are to be implemented with binding effect. What will remain the same and what will change? Which processes have to be set in motion? And what will be the impacts for your company?