Despite all the commotion about this “new” regulation, it must be said that it replaces the Directive Protection Personal Data, which had already been in existence since 1996.
Some of the new focus areas are:
- register of data processing and data subjects
- data breach process
- data privacy impact assessment (DPIA)
- processing agreements
- higher fines
- greater transparency in the protection of data subjects
- transfer of data inside and outside the EU
A citation by the Data Protection Authority (DPA) shows a greater understanding of the need to reduce complexity: “A quality (ISO 9001:2015) or information security ISO/IEC 27001:2013 management system can be used to meet the minimum requirements of GDPR.”
Implementation of the GDPR technical standard is not as complicated as is often made out – Quadra has already assisted a number of organisations (multinationals as well as small & medium enterprises) to incorporate GDPR requirements into existing or new management systems.
Interested in learning more about how we can help you? Contact us for a discussion.
The regulation was published on 04-05-2016 and became effective on 25-05-2018.