AUDIT SERVICES

ProPrivacy helps you ensure that your practice matches your policies and complies with relevant law and regulation. Audits cover data protection, privacy, cybersecurity and other areas of electronic law compliance, for your business and your third parties, as demonstrated and implemented through policy.

Periodic auditing is vital to the management and smooth running of all systems and procedures, to ensure compliance and continuous improvement. ProPrivacy can provide experienced external audit services that are conversant with many different auditing systems and protocols. My audits are done working alongside those with the relevant management responsibility and I provide constructive feedback to enable managers in-house to take corrective and improvement actions.

The starting point for most GDPR / data protection work that I do with businesses is a benchmarking / gap analysis audit based on standards and guidelines for SMEs set by the Data Protection Commission. This is usually a three to five day process, outlined in some detail here, but it can vary depending on the complexity of your business. I do some initial information gathering and document analysis, which would involve contracts and policies. Initial meetings and surveys are held with your compliance team and senior employees who would be responsible for HR, finances, data processing activities and third-party vendors. Where you offer services, apps or online platforms, I investigate activities, data flows and stores together with you. Throughout the analysis, I analyse where you might act as a data controller or as a data processor and identify controls you have in place that relate to organisational and technical security measures. Where I identify joint controller relationships that may exist, I recommend actions to negotiate the correct agreements. I analyse whether you are required to appoint a Data Protection Officer or perform Data Protection Impact and Legitimate Interest Assessments, and advise on recommended Records of Processing Activity (Article 30 Records). I advise on your procedures and policies for honouring data subject rights and on how you manage incidents and data breaches. I prepare a final report for you that highlights gaps ranked by risk and present it in a session that can include training for your compliance team. As an addition to this service, you can book a return visit for me to examine remediation and implementation of suggestions and amend your report.

DATA PROTECTION BENCHMARKING

You might have developed your privacy program to a point where you require an independent audit to validate your policies and procedures.  I provide you with an independent evaluation and report.  You may choose to do a whole business audit or focus on a particular service or platform. My data protection compliance audit is done to standards set by the GDPR, applicable Data Protection Act and your internal policies and procedures.

DATA PROTECTION COMPLIANCE AUDIT

You may wish to examine your security policies and practices separately from your data protection, or as validation of the appropriate technological measures or information security measures you rely on for GDPR data protection. Benchmarking of your policies and practices can be done against recognised frameworks including the ENISA DSP and OES assessments or guidelines issued by ENISA for SMEs.

CYBERSECURITY BENCHMARKING

I offer bespoke assistance at a senior management level for cybersecurity and information security audit preparation.  Further details are provided after discussion and scoping.

BESPOKE AUDIT PREPARATION

Vendor management can be a challenge for smaller businesses.  Where data protection requires you to have full knowledge of practices and processing along your supply chain, you might feel that you do not possess the knowledge or skill to perform the required due diligence to standard.  I can help you with third party due diligence, vendor management and contract negotiation.

THIRD PARTY DUE DILIGENCE


Philipa Farley is an Association of Data Protection Officers Member. ProPrivacy is a Cork Chamber Member. ProPrivacy is a Mallow Chamber Member. Philipa Jane Farley is a Grow Remote Mallow Chapter Member.

ProPrivacy Consulting Limited (t/a ProPrivacy). CRO Reg: 628639. VAT: 3547299MH. Registered Office: Bridgetown, Castletownroche, Co. Cork.
© Copyright 2019 ProPrivacy Consulting Limited - All Rights Reserved