For many organizations, preparing for the European Union’s (EU) General Data Protection Regulation (GDPR) has been a time-consuming endeavor. Unfortunately, the work is not over. Now that GDPR is in effect, companies will need to conduct regular internal audits to assess their compliance levels. The ability to document these audits will be vital in the event of a breach or complaint, because showing that a good-faith effort was made could help avoid a large penalty.
“Audits are very important, as accountability is one of the principles under the GDPR, and organizations are expected to monitor their privacy and compliance program as part of being in compliance,” says Greg Sparrow, senior vice president and general manager at risk management consulting firm CompliancePoint.