Audit of personal data protection
Our audit and GDPR implementation services are directed to any organisation covered by the new provisions. The General Data Protection Regulation significantly affects the obligations of the entities processing personal data and requires many changes to the internal policies and procedures in place. Implementation of proper solutions and adjustment of organisation processes would enable the fulfilment of all obligations provided for in the personal data protection law.
The purpose of the audit is an estimation of the degree to which an organisation is prepared to fulfilment of the obligations deriving from the GDPR. It would allow us to design solutions adapted to the company profile.
Our offer comprises:
- identification of process, where personal data are being processed;
- definition of roles in those processes (whether an entity is controller or entrusts processing operations to other entities);
- stocktaking of categories of personal data and data subjects;
- verification of legal basis for processing, the scope of data and application of the rules of data processing provided for by the GDPR;
- assessment of the personal data protection documentation;
- checking IT systems for their compliance with the GDPR requirements as well as security level of personal data processed in those systems;
- verification of applied procedures and rules of personal data protection with relation to persons having access to data.
Does the audit help us to solve personal data security problems?
The audit is concluded with report, which establishes the facts, identifies main risks as well as recommends solutions improving the level of personal data protection within the organisation.
The stocktaking table, containing list of personal data processing operations together with detailed description of its elements is attached to the report.
Why Omni Modo should conduct the audit in Your company?
We have conducted such data security audits for 14 years and it is one of our most well-known services. We use our internal procedures which have been proven.
The next step of the company adjustment to the GDPR requirements is the design and implementation – on the basis of aforementioned recommendations – of technical and organisational solutions (policies, procedure, trainings). The implementation is conducted on the basis of the result of the audit as well as the schedule agreed on with the company.
Our offer comprises:
- drafting of documentation adapted to a given entity (including records of processing activities, records of categories of processing activities, risk analysis, data protection impact assessment, clauses and privacy notices)
- designing solutions concerning incident handling and personal data breach notification;
- trainings for personnel (also e-learning), which include sector-specific courses in, the field of, among others, marketing, sale, security, HR and debt collection.