Professional Documents
Culture Documents
Planning | Preparation: Conducting the Adequacy Audit | Preparation: Compliance Audit | Conducting the Compliance Audit |
Audit Execution | Reporting | Audit follow-up
The key factor to bear in mind when selecting staff to carry out Data Protection Planning
Audits is that they should be independent of the function being audited. This Risk Assessment
means that ideally the person responsible for Data Protection should not audit Audit Schedule
activities such as Subject Access Requests if they usually process these Select Auditor
themselves. However, in small organisations it may be very difficult or even Pre-audit Questionnaire
impossible to ensure total independence and so a compromise will have to be Preparatory Meeting
reached. In larger organisations, there should be positive benefits by having and Checklist
staff from one function auditing another as this might encourage the adoption
of best practice.
Auditors who are required to carry out Data Protection assessments will need to
meet certain minimum criteria in a number of areas. The international auditing
standard ISO 10011-2 can serve as a very useful starting point to help
organisations define these minimum criteria, and some recommendations are
made for both Internal and External Auditors.
Skills
Training in Auditing
Ideally, every Auditor should be given adequate training before conducting any
audits.
b. Internal Auditors
https://www.cmpe.boun.edu.tr/~ozturan/etm555/dataaudit/html/steps/planning/auditor.htm Page 1 of 2
Guide to Data Protection Auditing - Step-by-step Process 12/28/21, 8:26 AM
Part 4 of this Manual and the pro formas and checklists in the Annex are
intended to provide novice auditors with sufficient guidance to conduct
basic Data Protection audits without further training.
b. Internal Auditors
Personal Attributes
Both Internal and External/Supplier Data Protection Auditors will require the
following personal attributes if they are to carry out their tasks successfully:
Return to top
What is a Data Protection Audit? | Why Audit? | Beginner's Guide | Step-by-step Process | Forms and Checklists | Site Index
Copyright
https://www.cmpe.boun.edu.tr/~ozturan/etm555/dataaudit/html/steps/planning/auditor.htm Page 2 of 2