From Janu­ary 21 to 22, 2019, a trai­ning cour­se on the topic of the Gene­ral Data Pro­tec­tion Regu­la­ti­on (GDPR) Audit Approa­ches and Impacts on Inter­nal Audit Acti­vi­ties will be held at the Aca­de­my of Inter­nal Audi­ting in Vien­na. Pri­ma­ry tar­get group are inte­res­ted per­sons in the audit depart­ment, IT depart­ment, secu­ri­ty and data pro­tec­tion offi­cers but also mana­gers and directors.

Semi­nar topic

The requi­re­ments of the GDPR are to be appli­ed as of 25.5.2018 and requi­re an inten­si­ve exami­na­ti­on of the topic and a struc­tu­red approach for audi­ting the imple­men­ta­ti­on of and com­pli­ance with the­se requi­re­ments in dai­ly audi­ting prac­ti­ce. An essen­ti­al part of the GDPR are the prin­ci­ples set out in Art. 5 “lawful­ness, fair pro­ces­sing, trans­pa­ren­cy, pur­po­se limi­ta­ti­on, data mini­miza­ti­on, accu­ra­cy, sto­rage limi­ta­ti­on, inte­gri­ty and con­fi­den­tia­li­ty and sub­se­quent­ly accoun­ta­bi­li­ty. That is, the com­pa­ny must be able to demons­tra­te com­pli­ance with the­se prin­ci­ples. In 2019, inter­nal audi­tors will face the chall­enge of iden­ti­fy­ing pos­si­ble weak­ne­s­ses or opti­miza­ti­on poten­ti­al in the com­pa­ny and will have to defi­ne and car­ry out the audi­ting acti­vi­ties requi­red for this pur­po­se. In addi­ti­on, the requi­re­ments of the GDPR must also be taken into account in dai­ly audit prac­ti­ce. The semi­nar deals with the GDPR from a pro­fes­sio­nal point of view and offers an over­view of the requi­re­ments and pro­vi­des prac­ti­cal audit approa­ches. Con­cre­te imple­men­ta­ti­on examp­les and spe­ci­fic audit pro­ce­du­res are pre­sen­ted for the respec­ti­ve requi­re­ments. Fur­ther­mo­re, the impact of the GDPR on the acti­vi­ties of inter­nal audi­ting will be explai­ned and illus­tra­ted by means of con­cre­te examples.

Semi­nar content

  • Defi­ni­ti­ons, requi­re­ments and data pro­tec­tion principles
  • Posi­tio­ning of the DSGVO in the inter­nal con­trol system
  • Data Pro­tec­tion & Infor­ma­ti­on Secu­ri­ty Manage­ment Sys­tem (DS/ISMS)
  • Accoun­ta­bi­li­ty / Requi­red evi­dence for com­pli­ance with the DSGVO
  • Deli­mi­ta­ti­on of audit acti­vi­ties by the inter­nal audit department
  • Pre­sen­ta­ti­on of the audit fields of the DSGVO
  • Appli­ca­ti­on of stan­dards and norms for audit planning
  • Use of the regis­ter of pro­ces­sing acti­vi­ties for audit planning
  • Data pro­tec­tion by design & default pseud­ony­miza­ti­on / anony­miza­ti­on & encryption
  • Audit of com­pli­ance with data sub­ject rights
  • Risk manage­ment ver­sus data pro­tec­tion impact assessment
  • Deal­ing with pro­ces­sors (What gua­ran­tees are sufficient?)
  • Tech­ni­cal and orga­niza­tio­nal data secu­ri­ty measures
  • Con­tent and scope of dele­ti­on con­cepts accor­ding to DIN 66398
  • Data breach noti­fi­ca­ti­on processes
  • Plan­ning and car­ry­ing out audits taking into account the GDPR Prac­ti­cal topics (email
  • encryp­ti­on, video sur­veil­lan­ce, log­ging, etc.)

The semi­nar will be led by Man­fred Scholz.

Regis­tra­ti­on and fur­ther infor­ma­ti­on at the fol­lo­wing link: https://www.internerevision.at/seminare/fachseminare/seminar/datenschutzgrundverordnung-dsgvo-210/