The 25 May 2018 enactment of the General Data Protection Regulation (GDPR), a European Union regulation, thrust many auditors into positions of even greater responsibility: serving as critical resources in complying with the new rules governing the use and manipulation of personal data.
Months after implementation, many auditors are still navigating these changes and working to ensure their audit programs address all the new requirements of GDPR. To meet their needs and provide guidance and best practices, ISACA, in partnership with ACL, has released a new complimentary white paper, How to Audit GDPR.
Exploring six of GDPR’s principles—lawfulness, fairness and transparency; purpose limitations; data minimisation; accuracy; storage limitations; and integrity and confidentiality—How to Audit GDPR identifies where GDPR can be considered within an enterprise’s strategic audit plan. The white paper also compares the roles of data controller and data processor under GDPR, and it outlines the responsibilities that data controllers have in working with third-party data processors.
“Auditors play an integral role in ensuring enterprises are compliant with complex GDPR requirements,” said Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, Director of Information Security and IT Assurance at BRM Holdich and chair of ISACA’s Women’s Leadership Council. “These new resources provide the clarity and guidance to support auditors in their efforts to build these new considerations into their annual audit plans.”
Auditors can gain additional tools and insights into the GDPR auditing process through ISACA’s new GDPR Audit Program Bundle, which is US $49 for ISACA members and US $79 for non-members and includes the following components:
- An instructional overview (PDF file)
- GDPR Audit Program—Enterprise: a comprehensive GDPR audit program geared primarily toward large enterprises (Excel file)
- GDPR Audit Program—Technical: a selection from the comprehensive program above that focuses on technical aspects of GDPR compliance (Excel file)
For more guidance and information around GDPR, including interactive learning options, resources and news, please visit www.isaca.org/gdpr.
About ISACA
Nearing its 50th year, ISACA (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organisations. ISACA leverages the expertise of its 450,000 engaged professionals in information and cybersecurity, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including 217 chapters worldwide and offices in both the United States and China.
Twitter: https://twitter.com/ISACANews
LinkedIn: https://www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAHQ
Instagram: https://www.instagram.com/isacanews