Audit by the Bavarian State Office for Data Protection Supervision
The Bavarian State Office for Data Protection Supervision (“BayLDA”) has recently been conducting an increasing number of ad hoc and ad hoc data protection audits at companies in various industries. The BayLDA announces and reports on these audits on its website . The event-driven audits are usually the result of customer complaints or concrete indications of possible data privacy violations. Unprovoked audits are carried out in some regions of Bavaria at dutiful discretion, irrespective of the industry. The BayLDA chooses different procedures for the audits. In individual cases, audits are ordered directly at companies on site. In other cases, the selected companies are audited by means of a written procedure or an automated online audit via the Internet.
The BayLDA announces/emphasizes. reports on the following audits, among others:
- Deletion of data in ERP systems (SAP)
- Data protection breaches at (sub)processors
- Testing of the secure use of WordPress as CMS or of online store systems
- Implementation of the GDPR at a total of 15 small and medium-sized enterprises
- Processing of personal data in application procedures
Such audits are also carried out by other supervisory authorities, for example in Lower Saxony or Thuringia. It is to be expected that the other data protection supervisory authorities will follow this practice.