GDPR Audit services

GDPR introduces new rights. Organisations need to be equipped and ready to handle these GDPR is built on the concept of Accountability. This means the data controller is both responsible for, and must be able to demonstrate compliance with all of the requirements of the GDPR. In effect organisations require documentary proof of they manage security, subject access requests, breach management and privacy by design etc.

This pushes responsibility onto the data controller to prove themselves compliant and away from the regulator having to find a problem. Essentially data controllers are now guilty until proven innocent. DigiTorc developed our unique 4D audit to assess how compliant Irish organisations are with GDPR.

We offer a fixed price GDPR for SMEs, that shows you exactly

  • how compliant you are in terms of the regulations
  • how you compared to similar Irish organisations
  • what are the top 10 priority actions for you are.

Contact us now to book your audit.

  • PECR: an Introduction
    Privacy and Electronic Communications Directive (PECR) refers to a set of European directives which have been issued and refined since 2002. These directives were written specifically to address the requirements of new digital technologies and ease the adoption of new and innovative electronic communications services. The Directives complement the Data Protection Directive and applies to ...
  • What are Joint Controllers?
    Sometimes the division between Data Processors and Data Controllers is not simple. Where more than one entity has control in determining the processing requirements, there can be multiple Data Controllers.  This situation can lead to “Joint Controllers” which needs to be managed carefully. To recap: the Data Controller determines the purposes for which and the manner in which personal data is ...
  • Four key points to include in contracts between Data Controllers and Data Processors
    The General Data Protection Regulation (2016/679), imposes clear requirements controlling the appointment of data processors by data controllers.  One of these is a requirement prescribing various matters which must be stipulated in a written contract (Article 28). As and from 25 May 2018 all agreements between Data Controllers and Data Processors need to meet these new GDPR requirements. This is a major change for many organisations, who ...
  • GDPR Data Retention: Adequate, relevant and not excessive
    Many people ask us how long they should store data for to be GDPR compliant. The very brief answer from the EU is: You must store data for the shortest time possible.   This phrase “shortest possible”, while certainly punchy is sadly imprecise.  This article attempts to shine some light on what it really means. Public accountability The obligation ...
  • GDPR: encryption, pseudonymisation and anonymisation – security as a Russian doll
    The deadline on May 25th 2018 has passed, and even though the GDPR legislation has been public for well over a year, most businesses and organisations are only now beginning to realise that it actually applies to them too. The private sector is playing catch-up and brand-owners arriving late are grappling to get their heads around ...
  • GDPR and Charities in Ireland
    Ireland is fortunate in having a thriving voluntary sector. A sector which between employment, sport, caring and entertainment touches the lives of almost every citizen on the island of Ireland. Possibly retaining personal data on every citizen on the Island of Ireland. Every city, town and parish in the country has sports clubs and schools ...
  • 3 Free Information Security tools
    Part of GDPR is protecting users’ data, businesses are obliged to think about privacy when designing systems. Protecting data is also common sense.  Who would deal with a business that can’t reliably store data? This post is about using some practical (and free) tools to reduce risk for a small business. In the world of Information ...
  • First five questions for GDPR compliance
    When confronted with the looming deadline of May 2018 for GDPR compliance there are five big questions any organisation should ask. Who deals with personal data in your organisation? Individuals or departments whichever is appropriate. What data do you gather across organisation?  list it out there may be repetition which can be rationalised later. Why is the data collected or processed? Different users may have different reasons, list them all. List ...
  • GDPR a primer
    General Data Protection Regulation or GDPR imposes new and arduous burdens on business and other organisations across Europe from May 2018.  Behaviours will have to change and companies have to make sure they are ready for the deadline or face fines up to 20 M euro. This primer summarises some aspects of the GDPR which ...