GDPR and ISMS-Software
Since May 25, 2018 the EU General Data Protection Regulation is used by companies and thus the data protection in the European Union is first put on uniform legal basis.
Who injure the taken rules has to expect sanctions till 20 million euro or 4 percent of the global annual sales.
Apart from that in the transition period till the taking effect of the EU GDPR it has to exist further specifications for some rules, the effort of the reposition to the new legal requirements don’t have to be underestimated and it has to be soon began with the adaptation processes to the new rules.
Through new additional requirements in relation to the data protection with risk management and information security the GDPR has effects on the company organization, the governance, the processes and the resources.
The Article 32 GDPR explains that suitable technical and organizational measures have to be made to ensure a suitable protection level. That implies the establishment of a suitable management system to report and verify the compliance of the measures. All companies who already have implement a working information protection management system based on ISO 27001, are at an advantage. Through the combination of data protection and information security management are the claims of the lawmaker for a regular proof of the efficiency of established measures in relation to Corporate Governance, Data Classification, Storage Respites, IT monitoring and compliance requirements easier implemented.
The GDPR has in regard to management systems hints which are necessary for each process oriented company. The General Data Protection Regulation doesn’t exhaust in a singular construction but in a continuous process which always has to be refined. In this context the Plan-Do-Check-Act cycle (PDCA-cycle), which is already known in the information security, is also relevant for the data protection, implementation of risk assessments, creation and implementation of suitable measure planning, internal and external audits, assessment of the maturity level and the implementation of corrections.
A multi-norm system like QSEC, which provide already implemented contents starting from the ISO 27001, the Federal Data Protection Regulation, content of data protection and much more international standards, is the solution for companies, which want to save time and money in the implementation of the GDPR