MGSI can perform a GDPR compliance audit of your organisation's personal data processing activities as well as of certain IT products and solutions.
This audit aims to determine the GDPR compliance maturity level of your organisation and to highlight and recommend the actions needed to reach the desired maturity level.
In addition, MGSI can conduct an IT audit covering logical and physical access management, change management and IT operations.
GDPR Compliance Audit
A GDPR compliance audit can be conducted at many levels in the organisation. We can audit your level of compliance globally and thus assess your overall maturity level. We can also audit your processing activities in more depth.
Gap analysis and action plan
The objective of a Gap Analysis is to determine the appropriate actions that need to be implemented to ensure compliance with the GDPR.
The first step consists of obtaining a global view of your personal data protection situation and then conducting an analysis of your current compliance with the GDPR through:
- The identification of the organisational measures in place for the protection of personal data (governance structure, policies and procedures)
- An inventory of personal data processing currently being carried out, including the level of compliance with the legislation
- An analysis of current processing activities as well as of the technical and organisational measures taken, covering personal data from collection to deletion.
As an essential part of your data protection programme, to demonstrate compliance with the GDPR, a Gap Analysis highlights the impacts of the GDPR on your organisation through:
- The identification of your level of compliance with the GDPR, for each of your processes
- The determination of the actions to be taken to meet the requirements of the GDPR, taking into consideration the level of risk for your organisation and the sensitivity of the operations for the persons concerned
- An operational action plan, prioritised and supported in project mode.
Processing Activities Audit / Data Lifecycle Audit
The objective of such an audit is to identify the non-conformities of your organisation's processing activities against the GDPR requirements.
As a second objective, the audit aims to identify the appropriate actions that need to be implemented to ensure compliance with the GDPR.
Initially, our service consists of obtaining a global view of your organisation’s level of compliance through:
- Review of the inventory of the processing of personal data
- The identification of the technical and organisational measures in place for the protection of personal data including during its lifecycle of collection, use, storage, transfer and disposal.
As a next phase, MGSI can:
- Identify the compliance level against the GDPR, for each of your organisation’s processing activities
- Identify room for improvement and the actions to be taken to meet the requirements of the GDPR, taking into consideration the risk appetite of your organisation as well as the sensitivity of the operations and data for the persons concerned.
Product and Solution Audit
A new requirement in the GDPR is Data Protection by design and by default. If your organisation is developing, or intends to develop, new software, a new process or a new activity, MGSI can assist your organisation in meeting this requirement.
Existing products and systems must also comply with the GDPR, so a compliance audit of them is necessary as well.
MGSI can audit the compliance of these products and systems against GDPR requirements. Furthermore, our work can also aim at certifying IT solutions or products as GDPR compliant (EuroPriSe).
The audit evaluates the solution's or product's compliance with respect to:
- Data classification
- Lawfulness, fairness and transparency
- Data subjects’ rights
- Consent and choice
- Security organisational and technical measures
- Data breach management
- Third party management
- Data transfer
MGSI can conduct an IT General Controls audit. These controls govern the functioning of the applications that support financial transactions. MGSI can test the controls concerning IT change management and operations, as well as physical and logical access controls.
The audit covers:
- The compliance with organisational standards, policies and guidelines
- The controls: assessment of their effectiveness, efficiency and adequacy.
MGSI can then recommend compensating controls that reduce the risk level associated with any weakness found during the audit.
Want to know more about our audit services?