A medium-sized manufacturing company recognized its legal obligation to align with the new EU privacy protection regulation in order to avoid the high penalties it would otherwise face.
Given the vast amount of contradictory information in the media and other channels, the regulatory alignment process started with education about the myths and facts surrounding GDPR. This step enabled the company to correctly identify the parts of its business that came into contact with personal information. The project team held detailed talks on the ways of working and the business processes that form the basis for alignment with GDPR. The inventory of business processes resulted in a gap analysis that identifies the areas where changes are needed to comply with regulatory obligations. Measures for aligning the business with GDPR were then deployed, such as reducing the number of people who have insight into individual data and introducing better digital access control for sensitive data.
Implementing up to 40 proposed organizational, protective or other measures eliminated the unnecessary circulation of documents through the company and increased the security of the company’s physical and digital resources. The organization recognized all of these steps as improvements on the existing situation that will, besides protecting against penalties, optimize its work and strengthen access security.