Audit means the inspection or examination of the processor’s activities and its facilities to ensure GDPR compliance.

    Art. 28(3)(h) GDPR state that the terms of the audit always should be regulated in the data processing agreement between the controller and the processor.

    When executing an audit, the controller should be able to confirm that the data are being processed in a compliant way. Essential questions that a processor always should be able to answer could be:

    • What data are collected?
    • Where are the data stored?
    • How is the data being protected and documented?
    • How long is the data stored?
    • What are the processes for requests from a data subject regarding their rights?


    Schrems II – Expert Legal Advise

    Act with confidence today. Our experts are here to help you manage the Schrems II requirements. Measured and practical solutions. Support through the entire process. Transfer impact assessment. Dealing with supervisory authority. Enforcement action. Defending legal claims. Track record with leading European startup, mid-size companies and listed global enterprises.

    Get a quote today from the business law firm Sharp Cookie Advisors