Personal data protection and RODO audit

RODO audits and implementation

RODO Audits


RODO audits are performed to verify the actual level of personal data protection in an organization and to evaluate how well it is prepared for the changes required by the General Data Protection Regulation (RODO is the Polish abbreviation for GDPR).


During the audit we will:

  • determine which information falls within the scope of RODO
  • determine the role of each body involved in personal data processing (controller, joint controller, processor, sub-processor)
  • verify that every process the customer performs in its daily operations rests on one of the legal bases for processing defined in RODO
  • review the consent clauses used by the customer
  • review the mandatory information clauses used by the customer
  • analyze the contents of the data processing (entrustment) agreements used by the customer
  • determine the procedures for handling data subject rights (e.g. the right of access)
  • determine the procedures for fulfilling the controller's/processor's obligations (e.g. breach notification)
  • analyze the technical (IT-related and physical) and organizational measures the customer applies to keep data secure, in terms of compliance with RODO.


The final result of the audit is a pre-implementation report, which identifies and describes non-compliances (including breaches of the law), provides evidence of each non-compliance and recommends how to eliminate it.


In addition, the report indicates what actions need to be taken to achieve compliance with RODO; in particular we will:

  • propose a risk assessment methodology and perform the risk assessment
  • evaluate whether a data protection impact assessment (DPIA) is required and indicate how to conduct it if needed
  • determine whether designation of a Data Protection Officer (IOD – Inspektor Ochrony Danych) is necessary and under what conditions
  • establish the customer's area of responsibility under RODO
  • present our recommendations on adapting the IT environment to RODO requirements
  • prepare a proposed implementation schedule


RODO Implementation


RODO implementation covers two steps:

  • data processing process adjustment
  • ICT environment adjustment


Within the data processing process adjustment, the customer receives the documents that make up a comprehensive security policy (the final scope depends on the audit results and the risk assessment), including:

  • risk assessment procedure
  • data protection impact assessment
  • risk treatment plan
  • procedure for cooperation with third parties, including a new draft data processing (entrustment) agreement and administrative measures that demonstrate the obligation to select processors with due care was fulfilled
  • record of personal data processing activities
  • procedure for cooperation with the supervisory authority and for reporting breaches
  • clauses for personal data collection and the mandatory information obligations
  • position and responsibilities of the Data Protection Officer (IOD)
  • procedure for handling data subject requests directed to the Data Protection Officer (IOD)
  • policy for the IT systems development process that builds data protection into the design phase (privacy by design) and into default settings (privacy by default)
  • prior consultation with the President of the Personal Data Protection Office (previously GIODO) when required
  • selection of the applicable transfer mechanisms for any transfers of personal data to third countries or international organizations


For the IT environment adjustment, the applicable procedures will be developed and provided, in particular procedures for user and authorization management, backup management, and security incident handling.


The service may be extended with a proposal to implement IT tools that support compliance with RODO requirements in terms of IT security, especially:

  • data classification system
  • data leakage prevention system (DLP)
  • security information and event management platform (SIEM)