The implementation is primarily associated with considerable effort, some can be done with the help of third parties. However, at the latest the data protection concept or the definition of certain processes should be carried out by the company itself — after all, everyone should be aware of which data is processed how and how it is handled.
With the GDPR, information security is raised to a new level. That may be considered useful or not. As of 25 May 2018, however, one’s opinion no longer matters as the regulation comes into force then.
Many software providers also promise security. Even though they are probably more concerned with their own well-being, than with the needs of their customers. One can earn money with fear ... The purchase and installation of a program alone does not ensure comprehensive GDPR compliance in any case. Moreover: An off-the-shelf product will never be able to compensate for the complexity of IT or a company with its processes.
We'll be happy to help you to take the right steps. Just get in touch with us.
Yours sincerely,
Steffen Mauer