
EU-GDPR Compliance

Ensure compliance with regional and national data protection regulations

Ensure EU-GDPR compliance for your organization

The EU legal framework on data protection has been harmonized with the objective of establishing a high level of data protection, as highly standardized as possible, for the processing of personal data. The new EU General Data Protection Regulation (EU-GDPR), aimed at improving the protection of personal data, came into force on May 25, 2018.

The introduction of the EU-GDPR requires that all companies review existing data processes and create numerous new processes. In addition, existing models, checklists and contractual documents must be revised. Furthermore, technical and organizational measures must be adapted. Organizations that fail to comply with the new regulation face fines of up to 20 million Euros or 4 percent of their global annual turnover.

Key requirements of the EU-GDPR

Some central aspects of the EU-GDPR are listed below.

Processing of personal data for clear and legitimate processes only: Generally, personal data must be saved in a form and manner that enables the data subjects to be identified only for as long as this is necessary and for the purposes for which these data are processed. Once they are no longer needed for the purpose for which they were collected, personal data must be deleted. If data subjects withdraw their consent to the use or processing of their personal data, organizations are obliged to delete (‘erase’) the relevant information.

Extended duties of documentation: The GDPR introduces additional obligations for companies, in particular in the field of documentation. While organizations no longer have to maintain a public directory of procedures, the obligation to keep internal records of their processing activities has been maintained and even extended.

Minimizing risk: The EU-GDPR pursues a risk-based approach, focusing on the “risks for the rights and freedoms of natural persons.” Such risks may arise in case of personal data breaches. Given this, the regulation requires that personal data breaches be reported to the competent supervisory authority within 72 hours. Organizations should clearly regulate the roles and responsibilities within their data protection organization and establish and document the processes necessary to mitigate the existing risks.

In certain cases, the EU GDPR requires detailed risk assessment prior to the introduction of data processing. Risk assessment in this context extends from systematic description of the planned activities and purposes of the processing of personal data to documentation of the actions planned to mitigate the risks and ensure the protection of personal data.

How we can help you comply with GDPR

TÜV SÜD recommends that organizations identify processes falling under the scope of the GDPR, and that they conduct initial checks by aligning existing processes with the new requirements. As the EU GDPR has already come into effect, it is high time to complete the implementation of compliant processes and systems.

A leading expert on regulatory frameworks and process optimization, TÜV SÜD supports businesses in the process of becoming EU-GDPR compliant.
