How often do I need to complete a GDPR data audit? 

There is no definitive answer to this question, but there is a preferred approach. Instead of thinking about data audits and data mapping as something that is done monthly, quarterly or annually, companies instead should conduct data audits on a routine basis.

A good comparison to an effective data audit system is the process by which a grocery store records inventory of its products. An organization is obligated to maintain a regular inventory of the data they collect and store at any given moment, as data stores change with processing, similar to how grocery store inventory changes with restocks and purchases.

However, conducting formal reviews of the data audits and data processing at regular intervals that are time-bound are recommended. It is important to underscore though that organizations have an obligation to understand the data they are collecting and storing at any given moment per GDPR rules. Aside from the responsibility organizations have to simply track this for the sake of tracking it, they must maintain this inventory to comply with DSAR requests that may come in at any given time.

Get started with our GDPR checklist. 

Download the GDPR Checklist



This article is provided for general informational purposes only and is not intended to be legal advice.  By using the article, you agree that the information on this article does not constitute legal or other professional advice. The article is not a substitute for obtaining legal advice from a qualified attorney licensed in your state. The information on the article may be changed without notice and is not guaranteed to be complete, correct or up-to-date, and may not reflect the most current legal developments.