IFAC and FERMA: GDPR and Corporate Governance

19 November 2019

The ECIIA and the FERMA collaborated in a new publication entitled “GDPR and corporate governance: The Role of Internal Audit and Risk Management One Year After Implementation”. The paper focuses on the impacts of the GDPR on corporate governance practices in the year following its implementation.

Most specifically, the paper looks at the roles played by internal audit departments and risk management functions.

The findings in this paper are based on analysis of two anonymous web-based surveys and interviews of selected GDPR stakeholders from various industries throughout Europe.

The main objectives of the publication are:

• Promote good governance alongside the General Data Protection Regulation (GDPR).
• Assess the current situation and identify issues and recommendations for the GDPR.
• Collect best practices regarding good governance for GDPR implementation, including the roles of internal audit and risk management.

Prior to the effective implementation of GDPR in May 2018, most European organisations invested significant efforts to comply with the regulation. As a result, substantial progress has been made in integrating GDPR compliance into existing corporate governance frameworks, as well adapting corporate governance to address GDPR challenges.

Across Europe and beyond, compliance with the GDPR, or more accurately, compliance failures, has gained significant attention. Organisations need to respond to stakeholders’ concerns about personal data, and boards need independent opinion.

Full press release on ECIIA

Full paper “GDPR and corporate governance: The Role of Internal Audit and Risk Management One Year After Implementation”

 

© ECIIA