From January 21 to 22, 2019, a training course on the topic of General Data Protection Regulation (GDPR) Audit Approaches and Impacts on Internal Audit Activities will be held at the Academy of Internal Auditing in Vienna. The primary target group is interested persons in the audit department and IT department, security and data protection officers, and also managers and directors.
Seminar topic
The requirements of the GDPR are to be applied as of 25.5.2018 and require an intensive examination of the topic and a structured approach for auditing the implementation of and compliance with these requirements in daily auditing practice. An essential part of the GDPR is the set of principles set out in Art. 5: “lawfulness, fair processing, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality” and, subsequently, accountability. That is, the company must be able to demonstrate compliance with these principles. In 2019, internal auditors will face the challenge of identifying possible weaknesses or optimization potential in the company and will have to define and carry out the auditing activities required for this purpose. In addition, the requirements of the GDPR must also be taken into account in daily audit practice. The seminar deals with the GDPR from a professional point of view, offers an overview of the requirements and provides practical audit approaches. Concrete implementation examples and specific audit procedures are presented for the respective requirements. Furthermore, the impact of the GDPR on the activities of internal auditing will be explained and illustrated by means of concrete examples.
Seminar content
- Definitions, requirements and data protection principles
- Positioning of the GDPR in the internal control system
- Data Protection & Information Security Management System (DS/ISMS)
- Accountability / Required evidence for compliance with the GDPR
- Delimitation of audit activities by the internal audit department
- Presentation of the audit fields of the GDPR
- Application of standards and norms for audit planning
- Use of the register of processing activities for audit planning
- Data protection by design & default, pseudonymization / anonymization & encryption
- Audit of compliance with data subject rights
- Risk management versus data protection impact assessment
- Dealing with processors (What guarantees are sufficient?)
- Technical and organizational data security measures
- Content and scope of deletion concepts according to DIN 66398
- Data breach notification processes
- Planning and carrying out audits taking into account the GDPR
- Practical topics (email encryption, video surveillance, logging, etc.)
The seminar will be led by Manfred Scholz.
Registration and further information at the following link: https://www.internerevision.at/seminare/fachseminare/seminar/datenschutzgrundverordnung-dsgvo-210/