The General Data Protection Regulation expressly provides for the possibility of carrying out investigations of entities and organizations in the form of data protection audits, within the framework of the powers of investigation attributed to the control authorities. In this sense, the Catalan Data Protection Authority prepares audit plans within the scope of its powers and functions. The objective is not only to know and improve the degree of compliance with the obligations of the rule, but also to help those responsible and those in charge of the treatment to meet the requirements of the GDPR.
Audits prepared by the APDCAT