We Independently Audit Your Existing GDPR Compliance Efforts

Our GDPR Audit details how well you are meeting your GDPR obligations and identifies areas for improvement.


Your organisation must conduct regular audits and risk assessments to ensure ongoing GDPR compliance. Failure to do so may lead to unidentified risks which will result in penalties.

Our GDPR Compliance Audit is an in-depth review of how your company collects, uses and secures data. We assess your current position and identify areas of improvement you need to ensure you continue to comply with the GDPR. It can be booked for specific departments, individual offices or across your entire business.

Accountability under the GDPR

Compliance with the GDPR is an ongoing effort. As the law matures and court decisions are made, what was once acceptable will change. We provide an audit service which allows you to check how your compliance program is performing. We help to identify issues before they become problems and ultimately fines. Use our Compliance report to evidence your GDPR compliance to stakeholders such as potential clients, investors and your board.

Why You Need It?

• Assurance you still comply with the GDPR
• Protection from crippling fines
• Identify issues before they become problems
• Independently demonstrate your GDPR compliance to customers, investors and your board

Problems We Solve

Future Proof

We keep your business up-to-date and in compliance with the GDPR

Validation

Our compliance report can be shared with your stakeholders

Risk

Auditing your efforts regularly will reduce the risk of fines and penalties

What’s Covered in Your GDPR Audit?

• Review data protection policies
• Assess and update procedures
• Test data subject rights requests
• Identify cybersecurity risk
• Validate third party vendors
• Run data breach response testing
• Validate Data Protection Impact Assessments
• Update record of processing activities
• Check international transfer of data
• Identify staff training needs
• Raise GDPR awareness among staff
• Substantiate lawful basis for processing and revalidate consent

What We Deliver?

GAP Assessment

An article-by-article review of the GDPR regulation, identifying which articles apply to your organisation and what action you need to take to comply.

Remediation Plan

We produce a remediation plan to assist in bridging the gaps identified during the audit.

Compliance Report

We use our in-depth knowledge of the GDPR and your organisation to produce a detailed report on your current standing, which includes an assessment of risks, industry standards and privacy trends.

Frequently Asked Questions

Is there a GDPR certification?

No, there are no GDPR certification schemes at present. However, once we have completed your audit and given you time to fix any issues we will produce a report detailing your compliance which you may share with stakeholders. 

What effect does Brexit have on GDPR compliance?

When the UK leaves the EU, any UK companies continuing to do business with the EU will still need to comply with the GDPR. The primary difference is that there will then be an international transfer of data and they may need to appoint an EU Representative.


What is the difference between a GDPR Audit and a GDPR Assessment?

The GDPR Audit looks at an existing GDPR compliance program whereas the GDPR Assessment is for companies without a GDPR compliance program.

How are your audits conducted?

We conduct our GDPR audits remotely where possible. We review current documentation, issue various staff questionnaires and facilitate video workshops with management. Depending on your needs we have a tool to scan your databases for personal data.

Do you audit our security systems?

No, we will audit your staff awareness and procedures around information security but not the actual systems. We do have trusted partners who can do this for you. 

Is there a GDPR certification?

No, there are no GDPR certification schemes issued by the European Commission. ApexPriv will be monitoring any certifications that come out as the regulation evolves, with the purpose of supporting our clients in achieving said certification, as well as attaining it ourselves.

What effect, if any, does Brexit have on GDPR?

Even though the UK is set to leave the EU as of March 29th, 2019, any UK companies continuing to do business with the EU after Brexit will need to comply with the Regulation to avoid infringements.

International companies across the globe with any EU citizens as customers will need to be aware of their new legal obligations and comply to avoid fines. With the high level of international business involving the EU, the GDPR may influence stronger data protection procedures around the world.

Who does the GDPR affect?

The GDPR not only applies to organizations located within the EU but also applies to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location (extraterritoriality).

Do all organizations now have to appoint a Data Protection Officer?

It is not always necessary for a company to appoint a DPO. According to the ICO, a company should appoint a DPO if they:

• Are a public authority (with the exception of courts acting in their judicial capacity)
• Carry out large scale systematic monitoring of individuals, such as online behavior tracking
• Carry out large scale processing of special categories of data or data relating to criminal convictions and offenses

However, any organization is able to appoint a DPO if they wish to do so. This is a decision that is strongly encouraged in order to have a designated role that manages and maintains GDPR compliance.

Success Stories

We are in the business of building long term relationships.
Feedback from our clients has been largely positive, which is surprising. GDPR is a new and uncomfortable area for many of our clients, so we did not expect such praiseful responses. Our clients appreciate the clarity of our approach, and it’s opened up new business opportunities.

Kevin Michels-Kim

VP Product & Innovation, Merakoi

Tom and his team have been advising throughout the design of our product. Asking the hard questions and giving us confidence that we are designing a product which is completely secure and respects privacy laws across the globe. ApexPriv has become a crucial part of our team and the success of our company.

Mike Yap

Founder, Conscious