Internal audit focused on GDPR practices
Hansel’s Board of Directors selected verification of compliance with the requirements of the EU General Data Protection Regulation (GDPR), which entered into force in May 2018, as the theme of the annual internal audit.
The audit focused on processes and practices related to data protection, data protection instructions and other existing documentation. The audit confirmed that Hansel has properly handled all the matters required by the GDPR.
No observations were classified as major, and the only significant observation involved the preparation of a data protection risk assessment model and risk assessments. The report also recommended that the data security policy prepared by the Executive Committee be approved by the Board of Directors as well. The data security team was charged with the preparation of the risk assessment model. Financial administration regularly conducts risk assessments together with an expert. A data protection perspective will be added to the risk assessments in the future.
Hansel had prepared well for the entry into force of the GDPR. The company lawyer and data security manager were in charge of the preparation and related training. They also acted as internal consultants during the preparation project. All category managers in charge of framework agreements were obligated to update their agreements to comply with the GDPR.