Audits and impact assessment

Regular audits are one of the many data protection obligations that the GDPR imposes on controllers and processors. A reliably conducted audit makes it possible to identify the strengths and weaknesses of the implemented solutions and make the necessary adjustments. This helps ensure the compliance of personal data processing with the GDPR.


The ftl team has extensive experience in conducting GDPR audits of both small businesses and entities with complex organisational structures operating in various industries. As part of the legal audit, our assessment is primarily focused on the documentation including instructions and procedures for staff. The final stage of the audit is the preparation of a clear report in which we indicate, amongst other things, the areas in which changes are needed.

As part of the audits, ftl specialists also conduct training and workshops for our clients’ personnel. The main objective of the training events and workshops we conduct is to share practical knowledge, matching the organisation’s activity and personal data protection problems most frequently encountered by the client. Training sessions, at the request of the client, can be delivered online.

As part of its services, the ftl team offers the following:

  • pre-audit, which is generally carried out prior to the implementation of the GDPR in the organisation. The results make it possible to assess what measures should be applied to ensure the compliance of the processing of personal data with the GDPR
  • interim audits, which are designed to assess the correctness of the solutions implemented to date, take into account not only legal regulations but also guidelines from supervisory authorities.

Data protection impact assessment

A data protection impact assessment (DPIA) should be carried out if a particular type of processing, in particular using new technologies, is likely to give rise to a high risk of violation of the rights and freedoms of natural persons.

The ftl team offers legal support in carrying out a DPIA in accordance with recognised methodologies. As part of this service, ftl specialists advise on whether a DPIA is required in a particular situation and then provide support in identifying the sources of risks associated with the processing of personal data within a specific process, assess the risks in accordance with the methodology developed and provide support in preparing a plan to minimise or eliminate the risks which have been identified.