Since 25 May 2018, every company in the EU that processes personal data has had to comply with the European General Data Protection Regulation.
The effects on organisational, customer management and even IT processes are particularly far-reaching for small and medium-sized enterprises. Liability is also being radically tightened: companies face fines of up to €20 million or 4% of the previous year's turnover. Implementation is made even more difficult by the fact that EU regulations often require additional interpretation. SMEs certainly face major challenges as a result of these serious and often vague regulations, for the implementation of which no practicable standards have existed until now.
That is why VdS supports small and medium-sized companies in implementing the EU regulation with its customary compact and practicable guidelines. With the VdS 10010 guideline, SMEs ensure the required data security with optimum resource efficiency, in an auditable and certifiable way.
The user-oriented assistance VdS 10010 can be found here free of charge.
With this compact guide, which is specially tailored to small and medium-sized companies, you can implement the legal, organisational and technical requirements of the GDPR in a clearly structured manner and with manageable effort. The VdS 10010 guidelines are closely linked to the award-winning VdS 3473 on information security. The current VdS publication ensures the necessary practicability and precise alignment with the corporate reality through the co-authorship of numerous organisational experts and data protection officers directly from small and medium-sized companies.
The legal minimum requirements for data protection in handling personal data are formulated in a comprehensible manner and designed in such a way that SMEs are not overburdened in terms of organisation and finances. The VdS 10010 guidelines are based on the EU General Data Protection Regulation (GDPR) and the current Federal Data Protection Act (BDSG-new).
Measures and processes that help SMEs achieve an appropriate level of data protection can be derived from the VdS 10010 guidelines with comparatively little effort. If necessary, a legal advisor with expertise in data protection can subsequently review the management system processes to confirm the necessary legal certainty.