What arrangements are in place to ensure GDPR compliance in the audit contracts?

The contracts that provide for PSAA to appoint the auditor to an opted-in authority are between PSAA and the audit firms, and authorities are not party to the contracts. Once appointed, an audit firm has a statutory relationship with the authority. Our contracts require audit firms to comply with the requirements of all relevant legislation, including on data protection. The contracts themselves are commercially confidential and are a matter between PSAA and each firm.