In the spring of 2018 (25 May 2018), the General Data Protection Regulation (GDPR) became applicable across the EU. Failure to comply with its requirements can result in substantial fines. In recent years, companies have taken measures and, in many cases, have had to demonstrate that they are in control of how they protect personal data.
The GDPR requires 'appropriate technical and organisational measures' to ensure that processing is performed lawfully and securely (Article 24 GDPR), and compliance with principles such as 'data protection by design and by default', often referred to as 'privacy by design & default' (Article 25 GDPR), and 'security of processing' (Article 32 GDPR). Building trust at a time of growing concern about data protection is crucial: many organisations face questions from critical customers about how they ensure that personal data is processed correctly.
During a GDPR audit, Kiwa examines the processes and policies related to data protection. This includes assessing whether you have carried out a data protection impact assessment (DPIA) where one is required, and evaluating the measures that resulted from it and their effectiveness. The audit also looks at the effectiveness of information processing, the responsibilities of the relevant roles within the organisation (including the Data Protection Officer (DPO)) and the technical and physical security measures that have been implemented.
The ultimate goal of this practical approach is to ensure that your organisation complies with the requirements of European data protection law not only on paper but also in daily operations. The emphasis is on actual compliance and the protection of individuals' privacy, which is crucial at a time when data protection is an increasingly important concern for both consumers and regulators. Based on the findings and a positive assessment, Kiwa issues a certificate. With this GDPR declaration you give employees, customers and other stakeholders confidence that you meet the requirements and take privacy seriously.
Kiwa's GDPR audit is also a good foundation for further certification against standards such as ISO 27001 (information security management) and NEN 7510 (the Dutch information security standard for healthcare). Even for organisations already certified against these standards, a GDPR audit is valuable, because it addresses the specific privacy issues within the organisation more directly than ISO 27001 and NEN 7510 do.