GDPR & corporate governance: The Role of Internal Audit and Risk Management

FERMA ECIIA GDPR report

This paper, which is a collaboration between FERMA and the European Confederation of Internal Audit Institutes ECIIA, focuses on the impacts of the GDPR on corporate governance practices in the year following its implementation. Most specifically, it looks at the roles played by internal audit departments and risk management functions.

Using surveys and targeted interviews, the partners gathered input from internal auditors and risk managers from various industries throughout Europe to meet the following objectives:

  • Promote good governance alongside the General Data Protection Regulation (GDPR).
  • Assess the current situation and identify issues and recommendations for the GDPR.
  • Collect best practices regarding good governance for GDPR implementation, including the roles of internal audit and risk management.

Prior to the effective implementation of the GDPR in May 2018, most European organisations invested significant effort in complying with the regulation. As a result, substantial progress has been made in integrating GDPR compliance into existing corporate governance frameworks, as well as in adapting corporate governance to address GDPR challenges.

Across Europe and beyond, compliance with the GDPR, or more accurately, compliance failures, has gained significant attention. Organisations need to respond to stakeholders' concerns about personal data, and boards need independent opinion.

The next review of the GDPR, the report states, should recognise the relevance of a corporate governance framework, such as the Three Lines of Defence model, to embed the management of privacy risks in the organisation. It should also preserve the organisation's ability to innovate. Data protection risks will decrease if the implementation of the GDPR is integrated into all business processes.

The first part of this report gives the key findings from the research and recommendations for stakeholders: European authorities, organisation governance bodies and practitioners, including internal auditors, risk managers and DPOs.

The second part of the report explains the major findings used to support the recommendations.

A webinar will follow on Thursday 5 December at 16:00 CET. During the webinar, speakers from the risk and internal audit professions will discuss the full findings including:

  • to what extent the risk manager is involved in the corporate implementation of the GDPR;
  • how the GDPR has affected the interactions between risk management and the Data Protection Officer (DPO);
  • which best practices and recommendations help embed personal data protection in the risk governance of your organisation.
