iSecure logo
Personal data protection and GDPR audit

Audit of a processor

Audit of the processor

Do you want to outsource your data processing to another company, but you are not sure if this company meets the requirements of GDPR?

Do you want your customers' data to be secure? And so that you do not have to worry about loss of image caused by data leakage?

Conduct a comprehensive - in terms of personal data protection - audit of the processor  to which you want to entrust or already have entrusted data processing!

Failure to verify the processor as to whether it provides sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the GDPR and protects the rights of data subjects may be subject to an administrative fine by the DPA.

The overarching goal of such an audit is to comprehensively check the facts and verify those areas that will have a direct impact on the processing of your entrusted data.


As part of the activities undertaken during a personal data protection audit of a processor, we examine in particular:

  • which IT systems are used to process the entrusted data
  • what are the locations of the processing of the entrusted data
  • which internal units/departments have access to the entrusted data
  • what is the scale of access of third parties to the entrusted data and which entities are these
  • whether employees are systematically trained in data protection
  • whether the processor has carried out a data protection risk assessment
  • the organisational and procedural measures applied (implemented security policies, data processing procedures, appointment of DPO, etc.)
  • the technical measures applied (the way resources on workstations, laptops, servers, etc. are secured)
  • other elements affecting the protection of the entrusted data


Audit of a processor - report

The formal conclusion of the audit is the report and the presentation of the results to management. The reports created by iSecure include, among others:

  • description of irregularities
  • degree of non-compliance with GDPR
  • a recommendation on the risks arising from the cooperation

Our experts have gained well-established experience, which is backed up by extensive subject matter expertise. We know how to apply GDPR in practice and what difficulties are generated during the process. One of the key elements of achieving compliance with GDPR is knowing the risks arising from working with a processor. Entrust us with an in-depth audit of this area and we will give you a clear picture of whether there are irregularities and on what scale.

Maria Lothamer
Vice-President of the Board
Newsletter subscription
By adding your e-mail address and confirming "Sign up" you agree to processing your e-mail address by iSecure Sp. z o.o. for the purpose of sending a newsletter about services, events, or other activities of our Company