How To Audit GDPR 

The Role of the IT Auditor Is Key to Compliance



The General Data Protection Regulation (GDPR) went into effect on 25 May 2018, and the implications of this new data protection requirement are still being discussed and interpreted at enterprises in the EU and around the world. Ultimately, all enterprises that conduct business and hold personal data on just one person located in the European Union will fall under the mandates of this EU requirement, no matter where the enterprises are located.

IT auditors are critical resources in helping enterprises achieve and maintain compliance. However, since GDPR is a new, complex and comprehensive regulation that impacts many functional areas within an enterprise, auditors will likely encounter many new questions and challenges in completing necessary audit/assurance activities. Our FREE white paper, How To Audit GDPR, breaks new ground and offers important answers and insights into conducting this new type of audit engagement.

In addition, to help with the assurance process, we have also developed the GDPR Audit Program Bundle. It covers implementation controls as well as maintenance controls, providing an evaluation of how effectively GDPR is being governed, monitored and managed. The review will focus on GDPR governance and response mechanisms as well as supporting processes, which can help to manage the risks associated with non-compliance with GDPR.

Finally, be sure to check out our FREE quick reference checklist, Tips for Auditing GDPR, for more helpful advice about assuring enterprise GDPR compliance.

Providing audit assurance on GDPR is not a one-off process; the regulation requires auditors to consider personal data throughout the enterprise’s annual audit plan. This collection of audit guidance from ISACA can help you and your enterprise better protect data within your organization and reaffirm compliance to stakeholders. Download your copies today!