With the EU General Data Protection Regulation (GDPR) becoming effective on May 25, 2018, several internal audit departments have been wondering whether they have taken the right steps to make their internal audit procedures compliant. Similarly, they have been questioning whether they are choosing the right topics during internal audit fieldwork to check for company compliance.
During his presentation, Frank will highlight some of the EU GDPR basics that are relevant for your internal audit work. He will explain that data privacy does not stop you from carrying out your internal audit program, but sets some framework conditions for how to do it.
In this context, the repercussions for how to set up internal audit assignments, fieldwork, and report writing will be discussed. He will explain the differences between anonymizing and pseudonymizing your internal audit data, as well as when and how to do it in a practical way. The presentation will also outline why customizing your internal audit software is important and why it is essential that you regularly train your audit staff on data privacy regulation.
In addition, some guidance will be given on how to audit adherence to EU GDPR principles from a business and IT standpoint. Examples from Germany-based but internationally active companies will illustrate some implementation activities.
Head of Corporate IT Audit