The New Normal: GDPR and Audit

The New Normal: GDPR and Audit
Author: Ian Cooke, CISA, CRISC, CGEIT, CDPSE, COBIT 5 Assessor and Implementer, CFE, CIPM, CIPP/E, CIPT, FIP, CPTE, DipFM, ITIL Foundation, Six Sigma Green Belt
Date Published: 27 April 2020

I am writing this blog under COVID-19 lockdown on the eve of my 25th wedding anniversary. Besides feeling somewhat guilty that I am at home while others are out in the frontline, working from home has left me more time to contemplate this milestone as, well, there is no commute and no colleagues to gossip with at the water cooler or when grabbing a coffee.  

One of the most striking things about the last 25 years has been the changes in my life. First, one must consider another person, one’s better half. Just when one learns to do this, there is a third person. Not only that, this third person demands all of one’s attention, day and night, to the extent that you think that you cannot cope. And when you finally get a handle on it, along comes a fourth! If I thought one child was work, well, two was certainly more than double the effort or, at the very least, it felt that way. But you know what? I coped, and I adapted. Each change became the new normal, and each had its own experiences and rewards. I have been lucky. 

And it is the same now in the audit profession. Over the years, changes are made in management, technology and regulations that require IT audit to adapt. One of the latest and most disruptive changes in recent years has been the General Data Protection Regulation (GDPR). However, given the elapsed time since it came into effect, GDPR should now be business as usual, or the new normal.

Certainly, IT auditors should be considering the regulation for all audits where personal data are processed. I discuss the areas that should be considered while auditing an application’s general IT controls in my ISACA® Journal, volume 2, 2020, column, “Incorporating the GDPR Into IT Audits.”

P.S. Both of my children have grown up to be fine young adults in their own right. I share this photo, one of my favorites, of my family at Niagara Falls in October 2018, in the belief that we are not currently living the new normal. This too shall pass.

Ian Cooke Family

Editor’s note: For further insights on this topic, read Ian Cooke’s recent Journal article, “Incorporating the GDPR Into IT Audits,” ISACA Journal, volume 2, 2020.

ISACA Journal