The GDPR audit helps the companies and institutions to determine what organisational and technological data protection measures have they applied and are these measures working as intended.
The audit is based on structured interviews with relevant employees and review of relevant documentation. If needed, an on site inspection is also conducted.
The observations in the audit report if data protection measure has been applied, partially applied or not applied and if the associated risk is high, average or low. The report also gives risk mitigation recommendations.