Despite all the commotion about this “new” regulation, it must be said that it replaces the Directive Protection Personal Data, which had already been in existence since 1996.

Some of the new focus areas are:

  • register of data processing and data subjects
  • data breach process
  • data privacy impact assessment (DPIA)
  • processing agreements
  • higher fines
  • greater transparency in the protection of data subjects
  • transfer of data inside and outside the EU
  • certification

A citation by the Data Protection Authority (DPA) shows a greater understanding of the need to reduce complexity: “A quality (ISO 9001:2015) or information security ISO/IEC 27001:2013 management system can be used to meet the minimum requirements of GDPR.”

Implementation of the GDPR technical standard is not as complicated as is often made out: Quadra has already assisted a number of organisations (multinationals as well as small & medium enterprises) to incorporate GDPR requirements into existing or new management systems.

Interested in learning more about how we can help you? Contact us for a discussion.

The regulation was published on 04-05-2016 and became effective from 25-05-2018.