According to a report from the Irish Data Protection Commissioner, “data controllers” should “regularly audit their holdings of personal data and the procedures they have in place to protect this data.”