The General Data Protection Regulation (GDPR) defines seven essential principles for the processing of personal data by controllers and processors:
- legality
- loyalty and transparency
- purpose limitation
- data minimisation
- accuracy
- limitation of conservation
- integrity and confidentiality (security).
The GDPR is a systematic and independent review to verify that an organisation complies with the GDPR, with the aim of ensuring compliance with its duties under the regulation and identifying potential areas for improvement. The audit report provides a detailed analysis of the organisation’s level of compliance with the GDPR, including assessment of processes, compliance status and recommendations for improvement.