Post by account_disabled on Dec 4, 2023 8:18:46 GMT
Audit activities performed First the IOD should verify such an agreement in terms of provisions regarding the protection of personal data As a rule auditors act as a separate personal data controller This results from the position adopted by PUODO in response to a question asked by the Polish Chamber of Statutory Auditors see https uodo gov pl pl The supervisory authority has clearly stated that audit firms due to the purposes of processing and the applicable legal provisions act as a separate data controller.
Therefore prior to the due diligence conclude a data Phone Number List processing agreement with an audit firm However it is necessary to verify the provisions regarding the protection of personal data During due diligence the most important thing from the perspective of personal data protection is to pay attention to the implementation of the principle of personal data minimization In accordance with the principle of data minimization only personal data that are actually necessary to achieve the purposes of processing should be processed Before starting the due diligence examination it is necessary to jointly determine with the auditing entity.
What scope of personal data is necessary to conduct an examination of the legal status of the enterprise Due to the above it is recommended Determining before starting due diligence the scope of personal data that is actually necessary to conduct the research The auditing entity and the entity providing access should be able to justify the purposefulness of the data transferred Where possible make documents available in anonymized or pseudonymized form Acquisition of an enterprise what about consents information obligations entrustment.
Therefore prior to the due diligence conclude a data Phone Number List processing agreement with an audit firm However it is necessary to verify the provisions regarding the protection of personal data During due diligence the most important thing from the perspective of personal data protection is to pay attention to the implementation of the principle of personal data minimization In accordance with the principle of data minimization only personal data that are actually necessary to achieve the purposes of processing should be processed Before starting the due diligence examination it is necessary to jointly determine with the auditing entity.
What scope of personal data is necessary to conduct an examination of the legal status of the enterprise Due to the above it is recommended Determining before starting due diligence the scope of personal data that is actually necessary to conduct the research The auditing entity and the entity providing access should be able to justify the purposefulness of the data transferred Where possible make documents available in anonymized or pseudonymized form Acquisition of an enterprise what about consents information obligations entrustment.