The influential Bavarian State Office for Data Protection Supervision (BayLDA) has Published information on its control activities. The BayLDA conducts regular data protection audits (cf. Art. 57(1)(h) of the GDPR), partly on the basis of complaints and tips, and partly spontaneously (“ad hoc audits”). The latter are usually carried out as so-called focused audits at individual companies, on site, in writing or as online audits automated via the Internet. The BayLDA also participates in supraregional audits.
Currently, the following audits are reportedly underway:
- Patch Management eCommerce Systems/Online Shops (Magento)
- Information requirements in application procedures
- Ransomware in medical practices
- Accountability in large corporations.
The following tests are planned:
- Deletion of data in ERP systems (SAP)
- Data protection breaches at (sub)contractors
It is expected that the BayLDA will also conduct or will conduct audits, in particular, of internationally active groups.