Presentation is loading. Please wait.

Presentation is loading. Please wait.

Implementing the New EU General Data Protection Regulation Conference 2016 Preparing for a DP audit Ashley Roughton Nabarro LLP.

Published byMeryl Shauna Farmer Modified over 8 years ago

Similar presentations

Presentation on theme: "Implementing the New EU General Data Protection Regulation Conference 2016 Preparing for a DP audit Ashley Roughton Nabarro LLP."— Presentation transcript:

1 Implementing the New EU General Data Protection Regulation Conference 2016 Preparing for a DP audit Ashley Roughton Nabarro LLP

2 Audit, Investigations and Inspections – legal basis Any contract between C and P must require that –C can audit and inspect P (a26(2)(h)) for compliance with a26 –P assists C in that task Any DPO must monitor his employer’s compliance with the GDPR and related audits (a37) Any BCRs must have an audit provision within them (a43(2)(i)) SAs have the power to carry out investigations in the form of dp audits (a53) SAs to assist one another in relation to inspections (a55)

3 Investigations – legal basis Each SA has the mandate to –investigate lodged by S or a body representing S (a52(1)(b)) –Conduct investigations on the conduct of the GDPR (a52(1)(d)) The investigative powers include:- –Compel provision of information (a51(1)(a)) –Audit (a51(1)(aa)) –Access to premises and computers (a51(1)(db))

4 Corrective powers – a53(1b) Issue –Warnings –Reprimands Order –compliance with DSAR –modification of processing behaviour –Rectification, blocking or erasure of data –Payment of fine –Suspension of sending data abroad

5 a53 audits : (aa) “to carry out investigations in the form of data protection audits” Has the organisation implemented policies and procedures so as to ensure compliance with the GDPR Do they work Check –Appropriate policies and procedures in place –Being followed –Are they adequate –Detect breaches of compliance –Recommend changes

6 Audit standards Likely to be in accordance with the Chartered Institute of Internal Auditors standards on risk based reporting Standards on risk based auditing Ask one simple question : is there a risk of failure? Proportionate approach, is lapse or non-compliance:- –likely to have a serious impact –a reality?

7 Is there a risk of non compliance? Does the Controller have a complaint history Have there been any self reported breached If so what remedies have been proposed Has the controller in its communications displayed a lack of understanding of the rules Has the press or other business intelligence identified the controller as displaying a lack of understanding of the rules Have there been past audits Volume and nature of personal data being processed External accreditation Impact on individuals of non-compliance Whistle-blower reports, IAs of Controller

8 The seven areas Governance Training and awareness Security DSARs Sharing Records management PIAs

9 The audit process Letter(s) of request. –Policy documents –Operational guidance or manuals –Training modules –Risk and information asset registers The visit –Can take days –Opening meeting –Question/interview based approach –Visual inspections and examinations The report –Draft –Final –Publication of executive summary

10 Example of Executive Summary

11 a.roughton@nabarro.com

Download ppt "Implementing the New EU General Data Protection Regulation Conference 2016 Preparing for a DP audit Ashley Roughton Nabarro LLP."

Similar presentations

Organizational Governance

Organizational Governance
The Managing Authority –Keystone of the Control System

The Managing Authority –Keystone of the Control System
Management verifications Franck Sébert European Commission DG Employment, Social Affairs and Equal Opportunities.

Management verifications Franck Sébert European Commission DG Employment, Social Affairs and Equal Opportunities.
European Union Cohesion Policy

European Union Cohesion Policy
Internal Audit Who? What? When? How? Why? In brief...

Internal Audit Who? What? When? How? Why? In brief...
2 3 There are two basic areas where there is a need to have resources available. Internal:  Financial  Personnel  Assets  Time External  Consultants.

2 3 There are two basic areas where there is a need to have resources available. Internal:  Financial  Personnel  Assets  Time External  Consultants.
Radmila Trkulja, Head of the CHU of Republika Srpska.

Radmila Trkulja, Head of the CHU of Republika Srpska.
1 The Data Protection Officer at work Experience, good practices and lessons learnt Pierre Vernhes – former DPO at the Council of the EU Workshop on Data.

1 The Data Protection Officer at work Experience, good practices and lessons learnt Pierre Vernhes – former DPO at the Council of the EU Workshop on Data.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Auditing, Assurance and Governance in Local Government

Auditing, Assurance and Governance in Local Government
Methods of Administration MOA Element 7 Monitoring and Compliance.

Methods of Administration MOA Element 7 Monitoring and Compliance.
SIEP HSE Management System

SIEP HSE Management System
CUMC IRB Investigator Meeting Human Subjects Research Non-Compliance September 15, 2005.

CUMC IRB Investigator Meeting Human Subjects Research Non-Compliance September 15, 2005.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
External Quality Assessments

External Quality Assessments
ISO 9000 Certification ISO 9001 and ISO 9000.3.

ISO 9000 Certification ISO 9001 and ISO
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Introduction to Internal Control Systems

Introduction to Internal Control Systems
Lecture #9 Project Quality Management Quality Processes- Quality Assurance and Quality Control Ghazala Amin.

Lecture #9 Project Quality Management Quality Processes- Quality Assurance and Quality Control Ghazala Amin.

Similar presentations

Ads by Google