Privacy audits

In cooperation with our professional association NOREA and NIVRA the Dutch Data Protection Authority (College Bescherming Persoonsgegevens, CBP) established the Privacy Audit Framework for conducting a privacy audit in an organization by a qualified auditor. The Framework is based on nine clusters. The result of a privacy audit, gives the management of an organization a high degree of certainty how the protection of personal data in the organization is ensured.

On the base of a positive opinion from a s-called privacy auditor, the organization responsible – under certain conditions – is authorized to use the logo or mark “Privacy-audit-proof”. This assessment of the privacy audit is based on Directive 3600 “Assurance engagements relating to the Protection of Personal Data (Privacy audits). The purpose of this directive is to establish principles and guidance for the implementation of assurance services in this area. It is a response to the increasing demand from the market to a third independent assessment of the system of measures and procedures of an organization regarding the protection of personal data.

The privacy protection in the Netherlands is since 2001 governed by the Personal Data Protection Act (WBP). Virtually every organization in the Netherlands has to do with this law. To assist organizations in determining how it complies with the WBP, in consultation with the NIVRA and NOREA, Project Development audit products Privacy Protection Act (WBP) started. This has led to four products that are usefull to determine how an organization complies with the WBP. In addition, through an external assessment and certification can be made. It can be implemented by a Registry EDP auditor (RE) or Chartered Accountants (RA) who have sufficient knowledge and expertise on the WBP and the information technology resources to the assessment under the Directive to be implemented.

Source: website https: / / an initiative of the NOREA and NIVRA, together with the Dutch Data Protection Authority.