Head of Corporate IT Audit



Dr. Frank Honold has been the Head of Corporate IT Audit at BMW AG, Munich, since 2010. He is also Head of the DIIR working group on Internal Audit and Data Privacy (DIIR is the German IIA chapter).
Before joining BMW Group in 2001, he worked for two years as IT and Process Auditor and Consultant at PwC Munich. He was then IT and Sales Process Consultant at Softlab (BMW Group) from 2001 to 2002, when he became Sales, Finance and Human Resources Corporate Auditor at BMW AG, a role he held until 2006. Dr. Frank was Head of Corporate Audit Americas for BMW of North America from 2006 to 2009, when he was nominated to his current role.
He holds a PhD in Business Management from the University of Passau, Germany, and is CIA and CISA certified.


 14:35 - 15:25 (04/10/2018)

 ROOM N106

C.S 2.1. GDPR – What does the new European regulation mean for internal audit departments?

With the EU General Data Protection Regulation (GDPR) becoming effective on May 25, 2018, several internal audit departments have been wondering whether they have taken the right steps to make their internal audit procedures compliant. Similarly, they have been questioning whether they choose the right topics during internal audit fieldwork to check for company compliance.

During his presentation, Frank will highlight some of the EU GDPR basics that are relevant for your internal audit work. He will explain that data privacy does not stop you from carrying out your internal audit program; rather, it sets framework conditions for how to do it.

The repercussions for how to set up internal audit assignments, fieldwork, and report writing will be discussed. He will explain the differences between anonymizing and pseudonymizing your internal audit data, as well as when and how to do each in a practical way. The presentation will also outline why customizing your internal audit software is important and why it is essential that you regularly train your audit staff on data privacy regulation.

In addition, some guidance will be given on how to audit adherence to EU GDPR principles from a business and IT standpoint. Examples from Germany-based but internationally active companies will illustrate some implementation activities.






