Service
GDPR audit
We check how your company really processes personal data and where it breaks GDPR. Instead of an opinion that things are fine or not, you get a prioritised remediation plan.
- ISO/IEC 27001
- 3000+ workstations
- Since 2017
A GDPR audit is a project that reveals the real state of data protection in your company. We verify processes, documentation and agreements, and the result is a list of actions ranked by risk, not a general diagnosis.
What the audit covers
We check every area where the company touches personal data, from processes to agreements.
-
Process review
We map where and why you process personal data: clients, employees, contractors, monitoring, marketing. Without this map, the rest is guesswork.
-
Register analysis
We check the record of processing activities and the breach register. We verify that they reflect reality, not a state from years ago.
-
Legal bases and clauses
We assess the legal bases for processing, information clauses and consents. This is where real breaches most often hide.
-
Data processing agreements
We review agreements with suppliers processing data on your behalf and check whether they even exist where they are required.
-
Technical safeguards
We verify access, backups, encryption and permission control. GDPR requires adequate measures, not declarations.
-
Remediation plan
You get a ranked list of actions with priorities, showing what risks a real fine and what is simply housekeeping.
The difference between paper and practice
Many companies have a full set of GDPR documents bought as a package and a belief that the matter is closed. An audit usually shows something different: the policies describe processes that do not exist, data processing agreements with actual suppliers are missing, and marketing consents are collected in a way the authority will challenge.
We audit what actually happens, not what is written down. We talk to the people who process the data, check the systems and configurations, and compare that with the documentation. The gap between paper and practice is the most common source of risk and the first thing an inspection checks.
Why it pays to do this before an inspection
A fine for a GDPR breach can reach millions, but the real problem starts earlier. A complaint from a dissatisfied client or a former employee is enough for the authority to take a closer look. From then on, every gap in the documentation and every case not handled in time works against you.
An audit carried out calmly, before an inspection, changes the situation. The company knows its weak points, has a plan and evidence that it acts in good faith. That genuinely lowers the risk of a fine and shows the authority that data protection is taken seriously.
How we carry out the audit
Methodically and within an agreed scope, with a result you can implement.
- 2-4 weekstypical audit time
- reportnonconformities and risks
- planactions by priority
- auditorinternal ISO/IEC 27001
- Setting the scope. We define which areas and processes the audit covers. We match the scope to where the company actually processes data.
- Gathering evidence. We hold interviews, review documentation and check systems. The assessment is based on facts, not a questionnaire.
- Report with priorities. We hand over a report with nonconformities, a risk assessment and a remediation plan ranked by urgency.
- Support during remediation. We can lead the implementation of the recommendations, from documentation to technical safeguards.
How we bill
We quote this service individually after a scope survey.
Frequently asked questions
How long does a GDPR audit take?
Usually two to four weeks, depending on the size of the company and the number of processes. Once we agree the scope, we give a specific date for delivering the report.
How does the audit differ from DPO outsourcing?
An audit is a one off project assessing the state of compliance at a given moment. DPO outsourcing is an ongoing service that maintains data protection over time. It often starts with an audit, so you know where to begin.
What do I get after the audit?
A report with a list of nonconformities, a risk assessment and a remediation plan ranked by priority. You know what to fix first and what risks a real fine.
Will you help implement the recommendations?
Yes. We can lead the remediation: complete the documentation, prepare data processing agreements and implement technical safeguards, and then take over ongoing support as part of the DPO service.
Let us talk about your project
Answer 2 questions about your company. You will see a simple estimate right away, and we will prepare a full proposal within 24 business hours.
- 2 minutes, no commitment
- You talk to an engineer, not a salesperson
- No spam, one contact about your quote