Auditing Privacy and Data Protection Risks, 3rd Edition
Global Guidance | Global Practice Guide (GPG) | Recommended | Issued and Effective | May 13, 2026
Privacy and data protection sit at the center of today’s risk landscape. As data volumes surge and regulations tighten worldwide, organizations face growing legal, operational, and reputational pressure. This guidance shows how internal audit can deliver value by evaluating governance, accountability, and controls across the full data lifecycle. It delivers a practical, flexible audit approach grounded in global privacy frameworks and is adaptable to different industries, technologies, and risk profiles.
Complementary tools, including a Risk and Control Matrix and a RACI matrix created specifically for this audit scope, help bring structure to scoping, testing, and documentation, enabling sharper, actionable insights and stronger assurance.
The guidance replaces “Auditing Privacy Risks,” published in 2012.