Data Protection

Data Protection Audit and Certification

  • Transparent information about the data protection level at your company
  • A trust-building basis that fosters professional relationships and protects you from liability
  • A cost-effective alternative to an onsite data protection audit

Web-based data protection audit with privASSIST

Your advantages

  • Liability management for management
  • Proof of data protection-compliant processes
  • Cost-effective alternative to on-site audits
  • Transparency towards other companies
  • Also for small and medium-sized enterprises
  • Audit-proof storage of your data protection status
  • Secure verification of GDPR requirements

How IITR helped us

Web-based Data Protection Audit for your Company

We use our web-based audit tool, privASSIST, to check compliance with data protection regulations. The audit tool requests any supporting documents that might be needed and takes a revision-proof approach to documenting your responses and any documents you provide.
Our audit tool is an affordable way to measure data protection compliance.

Our standards and testing procedures

for transparent data protection audits

  • Data protection audit procedures are carried out using the web-based audit tool privASSIST.
  • privASSIST is a web-based data protection audit tool that can be used to measure data protection.
  • Testing and certification standards are laid down as CPS
  • CPS (Certified Privacy Standard) refers to testing and certification standards according to which data protection can be queried via privASSIST. The certification standards are accompanied by a conformity assessment program.

Companies can be certified according to the following standards:

  • CPS 100: Certification of data protection status for medium-sized companies
  • CPS 300: Certification of processors in accordance with Art. 28 GDPR
  • CPS 600: Certification of data protection status for small businesses

The following auditing standards are also available:

  • CPS 021: Audit of employee data processing
  • CPS 031: Audit of online presence/websites
  • CPS 041: Audit of cyber security
  • CPS 051: Audit of applicant management
  • CPS 061: Review of video surveillance systems
  • CPS 071: Review of home working and mobile working
  • CPS 401: Minimum requirements for cyber insurance
  • CPS 800: Data protection audit for software developers
  • CPS 082: Data protection audit of measures to protect against ransomware attacks
  • CPS 091: Audit of data processing security (IT quick check)
  • CPS 110: Implementation of data protection in large companies
  • CPS 200: Implementation of data protection in SMEs
  • CPS 350: Audit of processors pursuant to Art. 28 GDPR (when outsourcing data processing to service providers)
  • CPS 360: Audit of processors pursuant to Art. 28 GDPR (when data processing is carried out on the client's systems)
  • CPS 501: Auditing information security at service providers for ISO 27001
  • CPS 911: Auditing the HR department in general
  • CPS 921: Auditing the IT department in general
  • CPS 931: Sales and marketing

More about privASSIST and CPS

Comparison with requirements of data protection supervisory authorities

Use our web-based audit tool privASSIST to check whether you comply with the requirements of the data protection supervisory authorities. The audit questionnaires of the supervisory authorities are taken into account in the CPS audit standards. This gives your company a reliable assessment of your data protection status.

Web-based data protection audit with evidence: reliable audit report and lower costs

Thanks to our web-based platform for data protection audits, simple questionnaires are a thing of the past. With privASSIST, you are guided through the questions in a targeted manner and receive a reliable and transparent audit report in addition to further information. The use of web-based privASSIST technology significantly reduces audit costs compared to an on-site audit.

Making data protection measurable through an audit

The system examines data protection issues in differentiated questions from different perspectives and automatically identifies discrepancies in the answers. As a result of a data protection audit, you receive a comprehensive audit report documenting implementation measures.

Data protection audit
explained in a nutshell

Download our flyer as a PDF document (German) here and take a look at our range of data protection auditing and certification services in compact form.

1. Inspection area

Which division of the company should be audited?

Audit of the HR department's data protection status with 62 questions | €400 plus VAT

Audit of the marketing and sales department's data protection status with 87 questions | €400 plus VAT

Audit of the IT department's data protection status with 148 questions | €450 plus VAT

Audit of the use of video surveillance systems with 62 questions | €350 plus VAT

Audit for processors pursuant to Art. 28 GDPR with 114 questions | €300 plus VAT

2. Your details

Company:

Contact person:

After submitting this form, we will prepare a quote and send it to you by email.

Data protection audit: Everything you need to know about privASSIST, the questionnaire, and costs

We are happy to answer your questions

privASSIST is a web-based audit tool that can be used to “query” your company's data protection. The aim is to find out whether you are working in compliance with the GDPR and to certify this status. Instead of employing data protection auditors on site, you can conveniently carry out privASSIST online using a customized questionnaire based on your company's requirements, size, and type of data processing. The questionnaire is based on the Certified Privacy Standards (CPS), which are evaluated within one to two weeks after the questions have been successfully answered.

The result of the data protection audit provides you with a detailed evaluation and clear comparisons with the existing database and, if necessary, also offers insights into deviations and potential for improvement. A successful data protection audit is certified according to the standards of IITR Cert GmbH.

A data protection audit with privASSIST offers you the following advantages:

  • Questionnaire: You are guided through the questions in easy-to-understand language, and your answers are recorded in an audit-proof manner.
  • Standardized certificates: privASSIST is based on testing and certification standards (CPS), according to which data protection is queried and evaluated.
  • Comprehensive audit report: With privASSIST, the current data protection standard is transparently verified.
  • Cost-effective: Thanks to online testing procedures, costs can be kept low compared to an on-site audit, ranging from €225 to €2,000.

A data protection audit can be carried out internally and on site by the data protection officer or by an external data protection officer or data protection auditor. Contact points for external service providers include TÜV or audit companies. Web tools such as privASSIST are an alternative to on-site data protection audits.

Tip: When selecting a data protection auditor or audit tool, always make sure that you are dealing with a reputable provider who presents the audit process and certification in a transparent manner. External auditors or web-based tools are preferable to internal auditors because they are unbiased and deliver objective results.

Article 32 (Security of processing) of the General Data Protection Regulation (GDPR) stipulates that data protection must be ensured in companies through specific measures:

d) a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of processing. (Art. 32 GDPR)

A data protection audit examines the extent to which companies comply with data protection requirements and operate in accordance with the GDPR. A data protection audit can also reveal options for improving data protection processes in your company.

A data protection audit allows you to check whether the requirements of the GDPR are being met and whether the handling of data within your company is up to date in terms of data protection law. A data protection audit identifies areas where data protection processes can be optimized and, upon successful completion and certification, provides you with proof for customers and authorities. A data protection audit is important if you process personal data within your company or if you collect personal data on behalf of another company—in other words, a data protection analysis is essential for virtually all companies and providers.

Do you process personal data within your company or offer this service to other companies? Then you must work in compliance with the GDPR. A data protection audit can provide evidence of data protection-compliant services, processes, and structures within a company. A data protection analysis is therefore recommended for all companies, including small and medium-sized enterprises (SMEs) that handle personal data.

As a general rule, web-based data protection audits such as privASSIST are cheaper than on-site data protection audits. With privASSIST, you can expect to pay between €225 and €2,000, whereas an on-site data protection audit can cost this amount per day over several days.

The duration of a data protection audit depends on the type of data collection. An on-site data protection audit can take several days, plus some time to evaluate the results. With privASSIST, you only need to spend about half a day (depending on the selected audit catalog) answering the questions. You can expect to receive the results of the data protection analysis after one to two weeks.

It is not possible to make a general statement about how often a data protection audit should be carried out. Nevertheless, you should repeat data protection audits regularly or carry out supplementary analyses annually to check whether all data protection regulations are being complied with.

After a data protection audit, whether internal or external, a report should always be written, known as the audit report. Within the privASSIST audit report, the results are presented in an easy-to-understand graphical format, giving you an overview of the current state of data protection in your company. Based on this, a list of measures can be created that lists the weaknesses in your data protection and adds to-dos for remedying them.

Do you have any questions or would you like to have a data protection audit carried out with privASSIST? Then find out more now about data protection audits and certification from IITR Cert GmbH.

Yes, privASSIST has an English-language version that allows you to perform a data protection audit using English-language auditing standards.

privASSIST provides users and companies seeking certification with a comprehensive list of questions. This checklist is used to verify compliance with data protection standards. The specific questions depend on the respective Certified Privacy Standard (conformity assessment), which is based on the size of the company and the type of data processing.

The topics covered by privASSIST include (among others):

  • Data protection organization
  • Data protection documentation
  • Data security


The following questions may be part of the questionnaire (selection):

  • Is there a data protection officer (if necessary)?
  • Are there access controls for the business premises/server room?
  • How are any data protection violations dealt with?

Article 42 of the General Data Protection Regulation provides for certification when companies have personal data processed or collect and process it themselves on behalf of others. With the privASSIST tool, private-law certification is carried out by IITR Cert GmbH in accordance with the Certified Privacy Standard (CPS). Your data protection audit can be certified according to the following standards:

  • CPS 100: Certification of data protection status for medium-sized companies
  • CPS 300: Certification of processors in accordance with Art. 28 GDPR
  • CPS 600: Certification of data protection status for small companies
10+ years of experience
60+ business areas
2,500+ satisfied customers
