To assess whether a system or a processing activity complies with the essential requirements for data protection, the auditor must have the specific knowledge and experience to understand this. The audit should focus on the relevant key issues and exclude minor issues from the scope of the review. The results of the audit should be easy to understand and use, and should be capable of being implemented smoothly in the context of professional project and task management.
