What to Do When the Privacy Regulator Comes Knocking on Your Door? A Short Guide to Handling Inspections and Data Protection Audits in Europe
Inspections and data protection audits from regulators are on the rise across Europe, and this trend is likely to continue. The latest figures for 2012 show that the French data protection authority (CNIL) completed 19% more inspections than in 2011. The number of inspections has been steadily rising since 2004, when CNIL’s enforcement powers—and later on, its budget—were significantly increased.
Companies need to be proactive and take steps to deal with a data protection audit. Any regulatory inspection is a burdensome undertaking, and inspections carry the risk of noncompliance being exposed, sanctions, adverse media attention and damage to reputation. Sometimes noncompliance is only identified after an inspection has been carried out. Even for fully compliant organizations, inspections bring disruption to the conduct of normal business. In light of increasing DPA powers, the rising number of inspections, and the risks of sanctions that may follow, organizations operating in the EEA are advised not only to prepare for a planned, notified inspection, but to establish best practices, policies and procedures on how to handle all inspections.