Audit and Assurance

Expand all | Collapse all

Incorporating the GDPR Into IT Audits

  • 1.  Incorporating the GDPR Into IT Audits

    Posted 02 Mar, 2020 02:50
    My latest ISACA Journal column, IS Audit Basics: Incorporating the GDPR Into IT Audits
    https://www.isaca.org/resources/isaca-journal/issues/2020/volume-2/incorporating-gdpr-into-it-audits


    ------------------------------
    Ian Cooke

    ISACA Journal Columnist
    ------------------------------


  • 2.  RE: Incorporating the GDPR Into IT Audits

    Posted 03 Mar, 2020 06:07
    Great article, thanks Ian. Very timely as I'm just starting a GDPR audit and my employer provides multiple applications that store various types of data - not all personal or sensitive.​ This article was a timely reminder of the key points to focus on, aside from the higher level governance aspects.

    ------------------------------
    Roger Willoughby
    Lead Auditor
    ------------------------------



  • 3.  RE: Incorporating the GDPR Into IT Audits

    Posted 04 Mar, 2020 02:12
    A very useful article. Nicely presented. Thanks Ian!!

    Nalin

    ------------------------------
    Nalin Wijetilleke MBA, CISA, CGEIT, FBCI, PMP, CMC
    2019 Online Forum Topic Leader
    Managing Director, ContinuityNZ Ltd.
    ------------------------------



  • 4.  RE: Incorporating the GDPR Into IT Audits

    Posted 04 Mar, 2020 02:46
    Thanks a lot. Very useful information nowadays where GDPR is taking a lot of time and effort.

    Johan

    ------------------------------
    Johan Jacobsen
    IS Auditor
    ------------------------------



  • 5.  RE: Incorporating the GDPR Into IT Audits

    Posted 04 Mar, 2020 05:57
    Interesting, nice article.

    We are implementing the "LGPD" (i.e. brazilian GDPR) law this year in Brazil. So, as you mentioned, after two years of GDPR has started, several points must be checked for any specific personal information prior to deploy your system, otherwise you can be reported, billed and in some cases, your system can be withdrawn from the market.

    Biometrics, face recognitions are here and should be carefully revised before deployed.

    Marcelo Muzilli

    ------------------------------
    Marcelo Muzilli
    Big Data & Cybersecurity specialist
    ------------------------------