DS CWA 15499-1:2006

Personal Data Protection Audit Framework (EU Directive EC 95/46) - Part I: Baseline Framework

Scope

In this CWA a good practice audit framework for organisations to audit their processing ofpersonal data is presented.Besides guidance on the audit process, two sets of requirements arepresented in this framework:1. The first set of requirements ‘compliance with the principles of the Directive’ is about the personal data protection (PDP) system, that is the set of documented policies, codes of practice, guidelines and procedures the organisation has taken to achieve and retain compliance with personal data protection regulations, and whether personal data is in practice handled in accordance with this set.2. The second set of requirements ‘governance’ is about the internal controls aroundorganisation, process and technology the organisation has implemented to ensure thatpersonal data protection is addressed in a transparent, efficient and effective manner.