The General Data Protection Regulation (GDPR) – Pre Audit
This program is aimed at those companies who already have a good understanding of what the new GDPR demands from their specific company, both from a juridical and a technical point of view.
The program will produce a report, which can function as a tool to start the necessary processes for the company to meet the new requirements of the regulation.
The company will receive a questionnaire with detailed questions. These questions will typically require persons from more than one department to answer, as the questions are quite specific. It is therefore important to prioritise the time to collect the necessary data.
The goal of a compliance check is to ensure that the company has a solid overview of which personal data is in the business and how to treat them. At the same time a compliance check gives us an understanding of the IT systems that handle and protect such personal data.
The compliance check is laid out as follows:
- The company will before the meeting receive a questionnaire with about 40 questions. It will properly not be possible for one person alone to answer all of the questions. There will typically be several groups / departments who will need to assist answering the questionnaire for it to be adequate.
- Meeting of the company with a lawyer from WTC lawyers A/S and an information security adviser from GlobalSequr A/S. Along with the relevant company employees, we review the questionnaire response to ensure an understanding of the company’s processing of personal data and IT security level.
- Based on the questionnaire response and the meeting held, we draw up a report containing legal and IT-security recommendations. The report should serve as a tool for the company to start the processes required for the company to adapt to the new requirements of EU Privacy regulation.
When discussing the questionnaire, it is typically important that there are employees present on the premises who can elaborate on potential questions. The report will be constructed so that it is clear which processes the company should initiate in order to fulfil the regulation.