Companies are currently establishing separate data protection management systems, which brings the risk that the resources of an existing management system go unused. Many companies already have a management system based on DIN EN ISO 9001. It offers you the opportunity to integrate the GDPR requirements and ultimately protects you as an entrepreneur from an increased consumption of resources. In addition, you remain independent of other external service providers.
The GDPR requirements can be implemented in a management system such as DIN EN ISO 9001 with little effort. One possible approach for integrating the GDPR requirements step by step into a management system:
- Structuring the data protection organization and responsibilities on the basis of the existing organizational structure
- Incorporating the data protection manual into the existing management manual
- Integrating the data processing methods into the company's process map
- Integrating the individual GDPR requirements into existing business processes
- Integrating the Data Protection Impact Assessment (DPIA) into risk management (business opportunities and risks)
- Enabling management officers to take on the responsibilities of the data protection officer
- Carrying out data protection audits as part of internal system audits
- Integrating data protection improvements into the existing suggestion scheme
- Implementing activities for the management of external service providers in the procurement process, for example the management of the data processing agreements (order processing contracts) required by the GDPR (contract management)