Within GDPR it is your responsibility as a controller to ensure that sufficient security measures are taken to protect personal data against abuse or breaches. To meet this obligation, you have the right to audit the processors acting on your behalf. How do you do this when you don’t have any experience within this field?
Why a processor audit by Cranium?
CRANIUM Business Essentials offers a structured approach to check the processor’s compliance with all obligations towards the GDPR and towards you as a controller. We will audit the processor regarding technological, organizational and procedural measures and compliance in general.
What is the outcome of the audit?
The audit report gives you insight on the risks at this specific processor and it will hand you the tools to act accordingly. We will also provide you a range of options to lower existing risks to an acceptable level. This gives you, as the controller, the opportunity to decide which tasks you need to prioritize to protect the personal data.
This audit can be an initial audit or a check-up at a later time. The approach will be the same. If this is a second or third audit at the same processor, the report will be adapted to the amount of progress the processor has made compared to previous audits.
This audit is not applicable to the major players in the market. The Processor Privacy Audit is aimed at partners that support a specific Business target of your organization and are willing or obliged to cooperate.
If you want to audit a big international player we strongly advise you to send your request to firstname.lastname@example.org for a tailor-made offering.