GDPR: The countdown is on - 7 months until implementation

Deadline is May 25, 2018, on this date the General Data Protection Regulation (GDPR) must have been transposed into law in the EU and EEA member states. For this purpose, the Federal Republic of Germany has already passed a corresponding transitional law (Datenschutzanpassungsgesetz (DSAnpUG-EU)).

What ways are there to integrate the requirements of the GDPR into a company, implement them, and - perhaps more importantly - keep them up to date?
Many requirements of the GDPR are aimed at controlling changes in processing processes or information systems that process personal data. The justification for data processing must always be maintained above all. Furthermore, it should be derived from this whether and what additional measures need to be introduced to protect the data. Some requirements are aimed at obtaining consents or meeting deadlines. So what could be closer than to use a systematic approach to control these requirements? Literally speaking: a management system?

The GDPR itself suggests in Art. 42 that a certification mechanism can be a key element in fulfilling the GDPR. Therefore, it is worth taking a look at the world of standards. Here, it can be filtered out which approaches are available that can be immediately used to establish and operate a data protection management system (DPMS). The management system helps to control processes and implement the requirements in a verifiable manner.

Get a first impression of how to implement the GDPR within an ISMS at the qSkills™ Security Summit, which will take place on October 9 as part of the run-up to it-sa 2017 in Nuremberg. In addition, the topic will be discussed in more detail as part of the Congress@it-sa.