Organizations should carry out audits regularly to verify how well their compliance plan, especially their policies and procedures are translating into practice. These would include external audits, short desk audit, and in-depth desk audits. An audit serves as a control mechanism and might identify vulnerabilities, irregularities, or systemic weaknesses regarding the organization’s handling of data, i.e. compliance with data protection principles before a breach occurs.
