All private and public enterprises inside and outside the European Union, as well as state authorities, that in any way collect, process and manage personal data related to European citizens are required, according to the new General Regulation (EU) 2016/679, to analyse the risks that arise from their activities and may affect the protection of such personal data.
In addition, they are required to define prevention measures and to develop procedures and policies that will demonstrate that all the requirements of the Regulation are met.
The size of the expected fines (up to € 20 million or 4% of world turnover) should place the development of a Personal Data Management System very high on top management's agenda, so that all the requirements of the Regulation are met without any omissions.
On this basis, the GDPR encourages, but does not force, the implementation of Management Systems such as ISO 9001 and ISO 27001, which set the right structure for commitment, responsibility, monitoring, control, verification and continuous improvement of the measures taken.
Benefits to your business: