GDPR compliance is an issue that concerns all private and public organisations, inside and outside the European Union, that in any way collect, process or manage personal data relating to individuals in the EU.
All of the aforementioned private and public organisations are required, under the General Data Protection Regulation (EU) 2016/679, to analyse the risks arising from their activities that may affect the protection of such personal data. In addition, they must define preventive measures and develop procedures and policies that demonstrate that all the requirements of the Regulation are met.
The size of the potential fines (up to EUR 20 million or 4% of total worldwide annual turnover, whichever is higher) should place the development of a Personal Data Management System high on top management's agenda, so that all the requirements of the Regulation are met without omission.
On this basis, GDPR encourages, but does not require, the adoption of management systems such as ISO 9001 and ISO/IEC 27001, which provide the right structure for commitment, responsibility, monitoring, control, verification and continual improvement of the measures taken.