Data Privacy - Konzeption eines Datenschutzmanagements für KMU

With the General Data Protection Regulation (GDPR) coming into effect, a lot of organizations are still facing major challenges. The primary objective of the GDPR is to ensure that data subjects have more control over their personal information. For larger companies, however, the consequences will be far less drastic than for small and medium enterprises (SME). This is due in particular to the fact that they have limited resources and many helpful tools are either proprietary or unpracticable for their size. The proposed research tries to solve this problem by developing a personal information management system (PIMS). It is based on the elements and building blocks of different best practice standards, which were, under the consideration of SME requirements, processed into 30 pragmatic measures. The resulting management system, which is structured according to the PDCA Cycle and appropriate to the needs of SME, enables a systematic approach to compliance with the GDPR requirements.