Data Protection Audit

Our law firm carries out data protection audits. Attorney Thomas Costard is a certified data protection auditor (TÜV-Rheinland) and will carry out the audit. Once the data protection audit has been performed, a data protection certificate is issued.

Under the requirements of the European Data Protection Regulation (“GDPR”) on commissioned data processing (Art. 28 GDPR), controllers are obliged to select external service providers (especially service companies, IT services, telecommunication services, etc.) carefully, to monitor them, and to document the selection and monitoring in written form.

Because of the statutory requirements for data processing in the GDPR, many IT and telecommunications service providers are subject to checks by the controller, both through checklists querying their technical and organizational data protection measures under Art. 32 GDPR and through site visits.

Carrying out a data protection audit with subsequent certification makes it easier for the processor to prove to the controller that the data protection requirements are met, and reduces the evidence and effort the controller needs for verification and monitoring.

Our data protection audit services include in particular the following:

  • Preparation of data protection audits and preparation of necessary documents
  • Implementation of data protection audits as a part of a site visit in the company
  • Committing the company with a follow-up report
  • Interviews with those responsible
  • Inspection of operating agreements, rules of use, disaster and emergency plan, backup strategy, IT contracts, etc.
  • Creation of the data protection audit report
  • Presentation and discussion of the data protection audit report with the management