ISACA Issues New Resources for Auditors to Assess and Maintain GDPR Compliance

Schaumburg, Ill. (23 October 2018) — The 25 May 2018 enactment of the General Data Protection Regulation (GDPR), a European Union regulation, thrust many auditors into positions of even greater responsibility: serving as critical resources in complying with the new rules governing the use and manipulation of personal data.


Months after implementation, many auditors are still navigating these changes and working to ensure their audit programs address all the new requirements of GDPR. To meet their needs and provide guidance and best practices, ISACA, in partnership with ACL, has released a new complimentary white paper, How to Audit GDPR.


Exploring six of GDPR’s principles—lawfulness, fairness and transparency; purpose limitations; data minimization; accuracy; storage limitations; and integrity and confidentiality—How to Audit GDPR identifies where GDPR can be considered within an enterprise’s strategic audit plan. The white paper also compares the roles of data controller and data processor under GDPR, and it outlines the responsibilities that data controllers have in working with third-party data processors.


“Auditors play an integral role in ensuring enterprises are compliant with complex GDPR requirements,” said Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, Director of Information Security and IT Assurance at BRM Holdich and chair of ISACA’s Women’s Leadership Council. “These new resources provide the clarity and guidance to support auditors in their efforts to build these new considerations into their annual audit plans.”


Auditors can gain additional tools and insights into the GDPR auditing process through ISACA’s new GDPR Audit Program Bundle, which is US $49 for ISACA members and $79 for non-members and includes the following components:


● An instructional overview (PDF file)
● GDPR Audit Program—Enterprise: a comprehensive GDPR audit program geared primarily toward large enterprises (Excel file)
● GDPR Audit Program—Technical: a selection from the comprehensive program above that focuses on technical aspects of GDPR compliance (Excel file)


In addition, professionals can learn more by attending the free hour-long webinar from ISACA and ACL, Delivering Efficient Ongoing Assurance of Your GDPR Program, on Thursday, 25 October, at 6AM CDT. Tom Faraday, senior product manager at ACL Europe, and Steve Connors, partner at Haines Watts, will discuss how to effectively and efficiently conduct GDPR audits in support of an organization’s data protection officer and leadership.


For more guidance and information around GDPR, including interactive learning options, resources and news, please visit



Nearing its 50th year, ISACA is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its 450,000 engaged professionals in information and cybersecurity, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including 217 chapters worldwide and offices in both the United States and China.