Random audits soon will be conducted by the Data Protection Supervisory Authorities (DPAs) for the German states of Lower Saxony and Bavaria. In July 2018, the DPA reached out to 50 companies with a questionnaire that included General Data Protection Regulation (GDPR) topics. Upon review of the answers, the DPA may then carry out additional on-site audits. The purpose of the audit, which will be published in May 2019, is to identify areas for further targeted audits, as well as areas where the DPA should provide further guidance and support. The Bavarian DPA also conducted a similar audit, which will be published on the DPA website as per prior practice.