- …
- Our documents
- Audits
Print
Audits
As part of our supervisory work, we carry out audits in the EU institutions.
Inspections allow us to verify how data protection is applied in practice at an EU institution.
We choose to inspect an EU institution by taking into account a number of factors, including the results of our risk analysis, whether special categories of data are processed, the time elapsed since the last audit and whether there has been an increase in the numbers of complaints.
We also ensure that we cover institutions, bodies and agencies of all sizes in our annual audit planning.
Audits or other on-site checks (for example, as part of our investigations) may also be triggered by complaints, if they require verification on the spot.
Our supervisory work also requires us to regularly audit several large-scale IT systems : at least every four years for the Visa Information System and the Schengen Information System and at least every three years for EURODAC.
The reports of our audit are not made public, but we do periodically summarise these, for instance in our newsletter and annual report.
You may also want to check our Factsheet on the topic and the remote audit on Article 25.
Filters
6
Dec
2021
12
Apr
2021
Report on the remote audit of information provided to data subjects when they sign up to newsletters and other subscriptions
Outcome of the EDPS' remote audit on how European institutions, bodies and agencies (EUIs) inform individuals about the way their personal data is processed when signing up to newsletters, case 2020-0611.
2
Apr
2020
Report on remote inspection of publicly accessible registers under Article 31(5) of the Regulation
The EDPS has published guidance to EU institutions and bodies (“EUIs”) regarding the records of processing operations. The EDPS had previously clarified that making the register “publicly available” means publication on the internet. While initially May 2020, i.e. two years after the entry into force of the GDPR, had initially been announced by the EDPS as target date for implementation of this obligation, the EDPS noticed upon entry into force of Regulation 2018/1725, that the new Regulation contained no grace period regarding this obligation.
Topics
14
Nov
2019
EDPS Inpection Report TFTP
EDPS inspection on Europol's compliance with Article 4 of the TFTP Agreement.
Topics