Management need to continually ensure they are complying fully with the changes the GDPR has brought and any further changes in subsequent periods. Specifically relating to GDPR, data processors (third parties that process data on behalf of your organisation) now also have significant new obligations to adhere too under the GDPR.

The assurance that your organisation should be carrying out should be a constant process of ensuring that the GDPR regulations are effectively being met by the organisation at all times. Additionally assurance surrounding any third parties engaged by the organisation to process data are required to ensure that they are not in breach of any GDPR regulations.

This would involve a review of policies and procedures and more specifically checking to ensure that the controls in place to ensure GDPR compliance have been designed and operate effectively. This checking would be independent, as a part of internal audit or as a routine part of business operations. However you choose to test, it is of critical importance that you test to identify and address weaknesses.

We have significant experience of testing and assuring data protection controls. Our team comprises experts that have tested data protection processes at large and small organisations.