The purpose of the personal data processing is to facilitate the activities of the Internal Audit Capability (IAC). The IAC is responsible for giving independent and objective opinions on the adequacy and reliability of internal control systems in place, and for making recommendations with the aim to improve the economy, efficiency and effectiveness of the Agency’s activities. The IAC assists the ED (Executive Director) and the management of EASA in controlling risks and ensuring compliance with the applicable legislation and rules. In the course of the audit work, the IAC has access to all data held by the Agency and can request access to data held by third parties who have contractual relations with the Agency. As the area of activity of the IAC is very broad, different types of personal data, sometimes even of a sensitive nature, might be processed.