Inspections and data protection audits from regulators are on the rise across Europe, and this trend is likely to continue. The latest figures for 2012 show that the French data protection authority (Commission Nationale de l’Informatique et des Libertés or CNIL) completed 458 inspections, a 19 percent increase from 2011. The number of inspections has been steadily rising since 2004, when CNIL’s enforcement powers—and later on, its budget—were significantly increased. The Bavarian data protection authority conducted 13,404 off-site audits and 20 on-site inspections in 2012, compared to 50 off-site audits and 12 on-site inspections during the previous year. Perhaps not surprisingly, the number of sanctions imposed has quadrupled over the last five years. The Polish Inspector General for the Protection of Personal Data (GIODO) conducted 199 inspections in 2011, and the U.K.’s Information Commissioner’s Office (ICO) completed 58 audits in 2012/2013, and 42 audits in 2011/2012, compared to only 26 in the previous year.
Companies need to be proactive and take steps to deal with a data protection audit. Any regulatory inspection is a burdensome undertaking, and inspections carry the risk of noncompliance being exposed, sanctions, adverse media attention and damage to reputation. Sometimes noncompliance is only identified after an inspection has been carried out. Even for fully compliant organizations, inspections bring disruption to the conduct of normal business.
Originally published in Privacy & Security Law Report on September 16, 2013.