Data Protection Audit: The German Experience

Fischer, Philipp E.

doi:10.1007/978-3-642-33081-0_12

Philipp E. Fischer³

1604 Accesses
1 Citations

Abstract

As prelude, this chapter touches on definition and indicators of a Data Protection Audit. It will then describe its legal and technical prerequisites such as auditor competence, requirements of the law, requirements of ISO standards and best practice catalogs. The next sections examine the objectives of a Data Protection Audit within the corporate development and subsequently the conception of a Data Protection Audit. The final and main section draws the attention on what I named as: “Practical Guide”—that is, how to manage a Data Protection Audit “step-by-step”.

We always take these audit findings seriously. We are always looking to improve. (Steve Pierce, President of the Arizona State Senate since 10^th November 2011 to date)

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

eBook: USD 16.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Hardcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
Federal Data Protection Act (“Bundesdatenschutzgesetz” or “BDSG” - as of 1 September 2009), http://www.bfdi.bund.de/EN/DataProtectionActs/Artikel/BDSG_idFv01092009.pdf?__blob=publicationFile. Accessed 1 June 2012.
2.
https://www.bsi.bund.de/EN/TheBSI/thebsi_node.html.
3.
Based upon W. Edwards Deming. Deming proposed a four-step-process (plan-do-check-act), also known as the PDCA cycle. He believed that a successful quality improvement and management programme would follow the plan-do-check-act cycle of events (Deming 1985).
4.
Based upon Joseph M. Juran, who suggested the principle and named it after Italian economist Vilfredo Pareto who noticed that 80 % of Italy’s land was owned by 20 % of the population; gradually, the Pareto-Principle has been applied to other relationships and it is nowadays a common rule of thumb in business (Juran 1974).

References

Deming WE (1985) Out of the crisis. MIT Centre for Advanced Educational Services, Cambridge
Google Scholar
Juran JM (ed) (1974) Quality control handbook, 3rd edn. McGraw-Hill, New York, pp 2-16–2-19
Google Scholar

Download references

Author information

Authors and Affiliations

SuiGeneris Consulting, Gernotstr. 4, Munich, 80804, Germany
Philipp E. Fischer

Authors

Philipp E. Fischer
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Philipp E. Fischer .

Editor information

Editors and Affiliations

Quotient Consulting, Duffell House 29, London, SE11 5PX, United Kingdom
Noriswadi Ismail
Christopher Lee & Co, Jaya One Section 13, Petaling Jaya, 46200, Malaysia
Edwin Lee Yong Cieh

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Fischer, P.E. (2013). Data Protection Audit: The German Experience. In: Ismail, N., Yong Cieh, E. (eds) Beyond Data Protection. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33081-0_12

Download citation

DOI: https://doi.org/10.1007/978-3-642-33081-0_12
Published: 02 November 2012
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33080-3
Online ISBN: 978-3-642-33081-0
eBook Packages: Humanities, Social Sciences and LawLaw and Criminology (R0)

Publish with us

Policies and ethics