GDPR compliance auditing will be new to many organizations that have never been subject to a compliance regulation before. As a result, many of the logistics around preparation, ongoing compliance, and audits related to the GDPR will be unfamiliar. One of the key aspects of any compliance regulation, especially the GDPR, is proving you’ve taken the minimum measures to secure the personal data it protects.
Securing data is the first step. However, you also need to test not only your security but all other aspects of your environment to confirm that you are meeting GDPR regulations. Here is a short list of settings and other technologies that you will need to test with regard to GDPR data:
For each of these tests that you perform, you should keep a record of the date, process, and results that you can provide to auditors. This will go a long way toward proving that you are meeting the minimum requirements of the GDPR and that you are maintaining the security of your data.