Service

GDPR audit

We check how your company really processes personal data and where it breaks GDPR. Instead of an opinion that things are fine or not, you get a prioritised remediation plan.

Call +48 22 378 48 62
  • ISO/IEC 27001
  • 3000+ workstations
  • Since 2017

A GDPR audit is a project that reveals the real state of data protection in your company. We verify processes, documentation and agreements, and the result is a list of actions ranked by risk, not a general diagnosis.

What the audit covers

We check every area where the company touches personal data, from processes to agreements.

  • Process review

    We map where and why you process personal data: clients, employees, contractors, monitoring, marketing. Without this map, the rest is guesswork.

  • Register analysis

    We check the record of processing activities and the breach register. We verify that they reflect reality, not a state from years ago.

  • Legal bases and clauses

    We assess the legal bases for processing, information clauses and consents. This is where real breaches most often hide.

  • Data processing agreements

    We review agreements with suppliers processing data on your behalf and check whether they even exist where they are required.

  • Technical safeguards

    We verify access, backups, encryption and permission control. GDPR requires adequate measures, not declarations.

  • Remediation plan

    You get a ranked list of actions with priorities, showing what risks a real fine and what is simply housekeeping.

The difference between paper and practice

Many companies have a full set of GDPR documents bought as a package and a belief that the matter is closed. An audit usually shows something different: the policies describe processes that do not exist, data processing agreements with actual suppliers are missing, and marketing consents are collected in a way the authority will challenge.

We audit what actually happens, not what is written down. We talk to the people who process the data, check the systems and configurations, and compare that with the documentation. The gap between paper and practice is the most common source of risk and the first thing an inspection checks.

Why it pays to do this before an inspection

A fine for a GDPR breach can reach millions, but the real problem starts earlier. A complaint from a dissatisfied client or a former employee is enough for the authority to take a closer look. From then on, every gap in the documentation and every case not handled in time works against you.

An audit carried out calmly, before an inspection, changes the situation. The company knows its weak points, has a plan and evidence that it acts in good faith. That genuinely lowers the risk of a fine and shows the authority that data protection is taken seriously.

How we carry out the audit

Methodically and within an agreed scope, with a result you can implement.

  • 2-4 weekstypical audit time
  • reportnonconformities and risks
  • planactions by priority
  • auditorinternal ISO/IEC 27001
  1. Setting the scope. We define which areas and processes the audit covers. We match the scope to where the company actually processes data.
  2. Gathering evidence. We hold interviews, review documentation and check systems. The assessment is based on facts, not a questionnaire.
  3. Report with priorities. We hand over a report with nonconformities, a risk assessment and a remediation plan ranked by urgency.
  4. Support during remediation. We can lead the implementation of the recommendations, from documentation to technical safeguards.

How we bill

We quote this service individually after a scope survey.

See how we price audits and compliance

Frequently asked questions

How long does a GDPR audit take?

Usually two to four weeks, depending on the size of the company and the number of processes. Once we agree the scope, we give a specific date for delivering the report.

How does the audit differ from DPO outsourcing?

An audit is a one off project assessing the state of compliance at a given moment. DPO outsourcing is an ongoing service that maintains data protection over time. It often starts with an audit, so you know where to begin.

What do I get after the audit?

A report with a list of nonconformities, a risk assessment and a remediation plan ranked by priority. You know what to fix first and what risks a real fine.

Will you help implement the recommendations?

Yes. We can lead the remediation: complete the documentation, prepare data processing agreements and implement technical safeguards, and then take over ongoing support as part of the DPO service.

Let us talk about your project

Answer 2 questions about your company. You will see a simple estimate right away, and we will prepare a full proposal within 24 business hours.

  • 2 minutes, no commitment
  • You talk to an engineer, not a salesperson
  • No spam, one contact about your quote