With the EU GDPR project, an internationally active service provider pursued the adaptation to the European General Data Protection Regulation, which came into force in May 2018.

The law aims to standardise European data protection guidelines. The numerous changes to data protection pose a major challenge for many companies. The stricter guidelines and significantly higher fines for violations make action essential.

The first step was to carry out an analysis of the current situation and gap in the company with the aim of defining the necessary fields of action. This involved analysing the conditions and processes at headquarters as well as in the approximately 70 European companies. Based on the results of the gap analysis and the comparison of the new requirements, a comprehensive catalogue of measures was developed.

In the second step, a data protection organisation was set up for the Group. A person responsible for implementation was appointed for each company or Group division. Following intensive training of those responsible, the central project team managed and supported the implementation. Support was provided in the form of advice and the provision of the tools required for implementation. The progress of the project and the management of the implementation were regularly monitored by consolidating and evaluating the feedback. The implementation of the measures was monitored in close cooperation with those responsible.

In addition to the project objective of “compliance with the EU GDPR”, the project also laid the foundation for future requirements in the areas of data protection, data security and information security. The cloud security project is currently being evaluated via these structures and will be implemented at a later date.