Be Prepared – The German DPAs will start random GDPR audits

The Data Protection Supervisory Authorities for the German states of Lower Saxony and Bavaria recently announced that they will carry out random audits to check compliance with the GDPR. Article by Julia Kaufmann a partner in Baker McKenzie’s Munich office

The Data Protection Supervisory Authorities (“DPAs”) for the German states of Lower Saxony and Bavaria recently announced (related information can be found here and here) that they will carry out random audits to check compliance with the GDPR.

In July 2018, the DPA for Lower Saxony reached out to about 50 companies with a questionnaire. The questionnaire focused on the following topics: How has the company prepared for the GDPR? How were the records of processing prepared and how will they be maintained? What are the legal bases for the processing of personal data, including sample consent forms? How are data subject rights addressed? What technical and organizational measures are in place? How are DPIAs carried out? What template data processing agreements are used? How is the DPO involved in the company and what skills does he/she have? What does the security breach notification procedure look like? How can the company demonstrate compliance with the above mentioned aspects? https://globalcompliancenews.com/german-data-protection-supervisory-authorities-start-random-gdpr-audits-20181008/

“Finally, a Regulatory Compliance Agency actually going to conduct an audit! And not just a simple Audit, and prior to the audit they have send out a very sophisticated questionnaire that does not leave much wiggle room or grey lines to respond unless they are willing to outright lie. Kudo’s to the German’s on this one! I would be curious how they plan to perform this very complex Audit, if they will be using technology application or have written their own very specific sets of API’s to query and derive enough Discovery to prove their Audit results. No matter their methods, if their outcome is valid and accepted and not challengeable or proven wrong in court, again, major Kudos to the German’s on auditing for their Compliance Requirements and extra Kudo’s if they follow through with enforcement.” Steven Meister’s Thoughts to this article. https://globalcompliancenews.com/german-data-protection-supervisory-authorities-start-random-gdpr-audits-20181008/

Be Prepared – The German DPAs will start random GDPR Audits https://www.linkedin.com/pulse/prepared-german-dpas-start-random-gdpr-audits-steven-meister/