Assessment of personal data processing in public authorities

On September 13th 2023, the National Centre for Personal Data Protection organised a training course on personal data protection for internal auditors in public authorities, at the request of the Ministry of Finance (MF). The MF jointly with central public authorities carries out horizontal internal audit missions, the topic of common interest identified for 2023 being “Assessment of personal data processing in public authorities“.

The aim of the training course was to increase the visibility and publicise the role of internal audit in adding value and improving the work of the entity, including risk management, control and governance processes, through the lens of personal data protection legislation.

During the event, important topics were discussed, such as: definition of general notions related to the field of personal data protection, rights of personal data subjects, processing of special categories of personal data, personal data protection requirements in the exercise of official duties, ensuring security and confidentiality of personal data processed, Data Protection Officer (DPO) issues; Data Protection Impact Assessment issues, etc.

The training course was interactive, trainers providing methodological and advisory support to the participants in carrying out the horizontal audit mission. At the same time, multiple practical examples were presented in order to increase the perception of internal auditors on the principles of personal data protection.

The event was attended by about 50 internal auditors from 30 public authorities.