News

SUBSCRIBE to our weekly e-mail (with live links) for just €5 per month
+++++++++++++++

ELEC Paper: Why EU Capital Markets Union has become a “must have” and how to get there -Feb 2024

My collected papers - 1989/1993: Market Discipline in EMU

Public Information

Expand

Graham Bishop Consultancy

Friends of GrahamBishop.com

Brussels 4 Breakfast

CPD / Education and Learning

Graham Bishop - Biography

Graham's Blogs

Graham's Media Activities

Graham's Speeches

Graham's Writing

Press Resources

Photographs

My `pro bono' work

How you can support this work

Why my `pro bono' work is relevant to markets

Technical Difficulties

Privacy Policy

Terms and Conditions

Tweets by @GrahamBishopcom

Follow @GrahamBishopcom

Article List:

Commercial Risk Euro...
Insurance Europe: Ov...
EU to ban data local...
Digital Single Marke...
Commercial Risk Euro...
No barriers to free ...
General Data Protect...
>>ECIIA: GDPR moves in...
New rules on data pr...
Hedgeweek: More than...
Commercial Risk Euro...
Commercial Risk Euro...
Financial Times: Eur...
European Commission:...
Insurance Europe: GD...

Home>Protecting Customers>General Data Protection

Print Page Save to My Library <Next Article Previous Article>

25 May 2018

ECIIA: GDPR moves into the next phase

Europe’s General Data Protection Regulation came into effect on 25 May. While internal auditors in many organisations will have been helping their organisations prepare for the new requirements, now that the legislation is live, they are more likely to be providing assurance.

It is critical that organisations do not lose impetus after all of the hard work it has taken to get their processes off the ground.

“Now that GDPR is live, internal auditors will need to be ensure that people throughout their organisations do not become complacent because the new rules are here to stay,” ECIIA President Farid Aractingi says. “Internal auditors are likely to move from a more consulting role to providing assurance over the processes that are now in place.”

Typical areas on which audit can provide assurance include:

How adequate and effective are the policies and processes in place as controls?

How robust is the organisation’s data governance?

Are the right people in the right roles to promote sound data controlling and processing?

How rigorous and timely is the reporting of data breaches?

Are we fully compliant?

How do we learn from incidents?

Auditors will need to consider how GDPR is reflected in their annual audit planning. For example, should GDPR be a consideration for every audit engagement, in the way culture now should be? Is auditing the GDPR control framework also something that should happen across the organisation every two to three years?

Internal auditors are likely to give greater focus on specific areas after implementation. IT and GDPR-specific change programmes are obvious examples, but organisation-wide communications will need to ensure that GDPR stays topical even after the initial rush of activity. That could mean ensuring that human resources and learning and development teams have plans to amend training for existing staff and new joiners. GDPR should remain a significant topic for induction and refresher training.

There are currently gaps in the guidance available, but this will develop as everyone gets to grip with GDPR. Internal auditors should stay abreast of any changes to legislation, guidance and good practice.

Blog

© ECIIA

< Next Previous >

Key
Hover over the blue highlighted text to view the acronym meaning
Hover over these icons for more information

Comments:

No Comments for this Article

Add new comment

Show name and company details

Follow Us

News

Public Information

Article List:

25 May 2018

ECIIA: GDPR moves into the next phase

© ECIIA

Key

Comments: