For the purpose of assessing whether a system or a data processing activity complies with the essential data protection requirements, the auditor has to possess the corresponding specific knowledge and experience required for this. The audit has to be focused on relevant main issues and has to leave insignificant topics out of the scope of any review. The result of the audit has to be easily comprehensible. The measures that have to be taken must be described in a practicable way and they must be suitable to be implemented smoothly in the context of a professional project and task management.
Scheja & Partners Rechtsanwälte offer to conduct data protection audits, risk assessments, and GAP analyses in order to investigate factual circumstances, provide a legal evaluation of them, and to recommend suitable measures for achieving conformity with the law. The goal is to evaluate any risks in a bespoke, client-specific way and to proactively prevent any impending economic damage by means of appropriate and effective measures.
As to complex systems and structures of a client, it may be advisable, as the case may be, to act in accordance with an audit plan, in which a prioritization of the inspected areas is determined and the progress as well as the implementation of the audit activities are continuously and sustainably documented.
At Scheja & Partners Rechtsanwälte, data protection audits are conducted by qualified auditors. In this context, the law firm is able to draw on many years of experience, throughout all industries, with diversified systems and processes. The law firm’s pool of experience spans from specific systems and processing activities to complex data protection organizations. Whether it is a highly complex data warehouse, a group-wide CRM, modern HR systems, high-performance data loss prevention systems, the data protection organisation of an internationally operating bank, or the data protection concept of a single specialist department that is involved, our checks and tests focus on the essential issues and lead to practicable results. Our courses of action in cases like this are prioritized based upon a risk analysis and we assess such risks in a way that is both transparent and understandable.
The strength of our audits does not merely lie in the detection of any data breaches, but also in the presentation of suitable measures to achieve conformity with the law. This will be usually carried out in the form of action plans which set out the measures that are to be taken while additionally providing for competences, milestones, priorities, and status assessments. It goes without saying that a follow-up also forms part of a sustainable data protection auditing concept, in order to ensure that the obtained findings will not remain unused, but will rather contribute consistently to an improvement of the guaranteed data protection level in the context of a professional data protection management.
When a data protection audit is carried out, it may also result – in addition to the preparation of a reporting and action plan – in the issuing of a certificate. This enables clients to demonstrate to their business partners, to authorities, and to the public that the data protection level within their organization is optimal, which is very effective from a marketing point of view.