The European privacy regulation (GDPR/AVG) has been in effect since May 25, 2018. With this legislation, the liability risks for companies have expanded and increased. Is your organisation aware of the requirements and obligations imposed by this privacy law?

The General Data Protection Regulation (GDPR), also known as the Algemene Verordening Gegevensbescherming (AVG), requires companies to handle personal data more transparently. Understanding your data is an important step for achieving this. Ultimately, companies need to find a balance between collecting personal data and protecting this data.

With the Privacy & Data Protection service, Auren helps your organisation develop a suitable privacy policy and implement measures in your business operations to comply with European regulations. Our professionals and specialised partners approach Privacy & Data Protection in a practical and accessible manner. Together with you, we will assess to what extent your organisation complies with the regulations regarding privacy and its protection. We aim to reduce risks and vulnerabilities quickly, appropriately and without significant investments.

Privacy check
Do you want to know whether and to what extent your organisation complies with privacy regulations? Then do the privacy check! The result of this privacy check is a clear report that provides insight into the maturity level of privacy in your organisation. Based on this report, a step-by-step plan can be made for you become privacy compliant and suitably address any existing privacy risks.
In addition, there have been recent updates and proposed reforms to the GDPR procedural rules to improve the efficiency and harmonisation of GDPR enforcement actions.

A Privacy Impact Assessment (hereinafter, PIA) systematically provides insight into what is actually done with data, what the benefits are and what (negative) risks the individuals whose data is processed may face. A PIA allows an organisation to make informed choices to prevent any harm to the individuals involved.

In some cases, conducting a PIA is mandatory. Auren can perform a PIA for you. Afterwards, you will have insight into any privacy risks and, wherre possible, can take measures to address them.

When another party processes personal data, it may be necessary to designate them as a processor. Based on privacy regulations, you are then required to establish a processor agreement with this party.

In addition to the mandatory nature of a processor agreement, this agreement is relevant for protecting your organisation. Besides aspects such as information security and the handling of personal data, it makes it possible to attribute liability. If you do not arrange the latter in an agreement, you, as the controller, are liable if a data breach occurs with the processor. Auren is happy to help you draft a balanced agreement.

Data breaches sometimes need to be reported to the Data Protection Authority (the regulator) and/or the individuals concerned. Whether your organisation actually reports a data breach is up to you. Failing to report a data breach (in a timely manner) can have far-reaching consequences, such as fines and reputational damage. Auren can help you decide whether or not to report the data breach and establish a protocol tailored to your organisation so it might report to the Data Protection Authority within 72 hours. By thinking about data breaches in advance, they can be limited, and appropriate rapid action can be taken if necessary.

Your control environment is designed to achieve set goals. For this purpose, processes, procedures and control measures are established, and various officials are involved. However, the question is whether these internal control processes and procedures are effective and efficient.

The proper set-up of your administrative organisation

A sound administrative organisation is essential for obtaining reliable management information and for properly accounting for finances. This is characterised by the 6 Ws: who (official), what (which data), why, when, with what (which tools) to process and where the data goes. Within the context of financial statement audits and subsidy audits, conditions are often established for the set-up of a company’s administrative organisation.

We are happy to help our clients review the effectiveness and efficiency of any internal processes, procedures and governance issues. In addition, our professionals can advise on the set-up of administrative organisations. Examples include advice on setting-up projects and contract administration.

IT plays a central role in almost all business processes. Applications, platforms, IT processes and management have become indispensable for efficient and reliable business operations. A well-functioning IT environment is not only important for daily operations, but also essential for the quality of internal and external (financial) reports and for responsible decision-making.

During our annual audits, we pay explicit attention to relevant components of your IT environment. The emphasis is on the reliability of the data processing within your information systems and on the measures to ensure the continuity and integrity of those systems. Our findings and recommendations are shared with you clearly and practically.

In many cases, our approach is primarily IT-driven. This means that we leverage the safeguards present within your IT systems. In addition, we deploy digital tools in areas such as process mining, data analysis, reading system settings, and assessing the authorization setup and associated IT General Controls. This approach enables us to identify risks in a more focused way and to set up controls more effectively and efficiently.

In addition to this comprehensive approach, we also conduct targeted IT audits in the context of specific assurance requests from you or third parties, such as in the preparation of an ISAE 3402 statement.

Examples of additional support:

• Sparring partner for data or system conversions.
• Evaluation of effectiveness and efficiency of IT-supported processes
• Guidance on the deployment of consolidation software
• Advice and support in the use of data analysis tools

For a comprehensive overview of our IT Audit & Services services.

We advise and provide support for the conversion and implementation of international reporting standards, including IFRS. We help you transition to IFRS by identifying the differences compared to existing (local) reporting standards. In addition, we advise and support you in the development and implementation of accounting manuals.

The external accountant is your partner for conducting your financial statement audit. This includes statutory audits, voluntary audits, regulatory audits and group audits. We also have the knowledge and expertise to perform and/or manage a consolidated financial statement and audits at foreign branches. Our audit professionals are multilingual and can communicate in English, German or French, as needed. When auditing companies abroad, we use our audit professionals abroad or use our network partners.

Our audit work is aimed at providing targeted assurance to third parties regarding the reliability of your financial reporting. Financial reporting is the sum of the transactions, processes, procedures and guidelines. This means that we pay attention to these aspects in our audit and share our findings with you.

Conditions of contracting parties, requests from stakeholders and commercial considerations of the company often form an important reason for a specific (assurance) engagement.

You can engage our assurance professionals to provide assurance in a report for third parties. This includes special audit engagements (including subsidy audits), reviews of interim figures and providing an opinion on specific reports. Providing certainty regarding such a report is called assurance.

Our professionals are happy to discuss with you to in order to align the information needs of you and your stakeholders. Our goal is to perform meaningful work and report on it. Other examples of our services include:

• Royalty audits
• Advice and statements regarding (cross-border) contribution, merger and demerger transactions
• Pre-audit services