Privacy Audit

Every organization is different. If you want to be in line with the GDPR, you have to take this reality into account – after all, there are no ready-made answers!

To gain the necessary insight, and to avoid giving advice that is correct but useless, deJuristen uses a tailor-made selection of questions during the audit. The questions strike a balance between the legal obligations on the one hand and the ‘best practices’ on the other.

In this way we can quickly gain insight into how your organization stands in relation to the rules of the GDPR. The audit results in a report that provides a clear picture of your organization’s current situation and indicates which actions are necessary. The report shows to what extent risks are present and which GDPR documents need further elaboration or refinement. This insight makes it possible to jointly define in more detail a Privacy Compliance project for the activities that need to be carried out within your organization under the GDPR.

 

Intake conversation

First of all, an intake interview is held with your organization, in which the scope of the audit is determined.

During this interview we gauge, at a high level:

  • the scope of the audit. We always determine together with whom the interviews should be conducted;
  • what personal data are processed, and on what scale;
  • what the state of affairs is with regard to the accountability of the organization (which GDPR documents has your organization already drawn up and do they comply with the GDPR?).

Audit & Report

During an on-site audit we map the situation of your organization in relation to the GDPR. We do this by (i) conducting interviews with a select group of employees (e.g. IT, HR, marketing, …) and (ii) if applicable, analyzing the documents already created by the organization. The audit will provide insight into:

  • the operation and structure of the organization;
  • the nature of the personal data processed;
  • the main processes where personal data is processed;
  • the systems and applications in which the personal data is processed;
  • the current policy with respect to GDPR;
  • employees’ knowledge of GDPR;
  • the current governance focused on GDPR;
  • the working climate, internal communication and relevant stakeholders;
  • the state of the privacy documents that have already been drawn up.

During the audit, a tailor-made selection of questions will be used. The questions strike a balance between legal obligations on the one hand and best practices on the other.