Assurance for GDPR compliance

Assurance for compliance with the General Data Protection Regulation based on ISAE 3000.

GDPR entered into force on 25 May 2018. Although addressing the specific requirements stemming from it is a serious challenge for every organization, the regulatory objective set out by the European Union is clear: we must protect personal data in proportion to its value, which is constantly growing in the digital world. KPMG assurance provides you with independent confirmation that the new rules have been implemented correctly, and thus shows your clients that their personal data is protected with due diligence.

GDPR, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (the General Data Protection Regulation, the so-called GDPR), adopted in April 2016, also brings with it new domestic provisions, guidelines, standards and best practices.

The complexity of the matter, the absence of court decisions based on the new provisions, and the volume of personal data processed mean that each organization faces considerable challenges in implementing the regulation. Irrespective of this, from 25 May 2018 we must fully comply with the principles of the regulation. Organizations processing personal data therefore face a new challenge: how to prove GDPR compliance to the world.

The answer to this question is the voluntary certification mechanism provided for by the regulator in Recital 100 of GDPR. Since there are at present no clear guidelines on certification mechanisms in Poland or in Europe, we offer you a certificate based on the international standard on assurance engagements ISAE 3000.

Certification based on ISAE 3000 requires the organization to introduce standardized personal data processing procedures that implement, in a repeatable manner, the principles imposed by GDPR, such as lawfulness, fairness and transparency, purpose limitation, integrity and accountability. All of these main principles translate into practical control mechanisms in the business processes that rely on personal data, and the operating effectiveness of those controls determines how the data is processed and how well it is protected.

Assurance provided to you by the independent auditor will confirm full GDPR compliance both within the organization (employee data) and in external relations (client or contractor data).
