Data Protection and Quality Management – How Do They Fit Together?

To implement data protection requirements, it is advisable to align with existing quality management systems. For building its data protection management system, AMCON has utilized the structure of the DIN EN ISO 9001:2015 standard.

DIN EN ISO 9001:2015 is part of the EN ISO 9000 series and defines industry-independent requirements for a quality management system. It also takes into account customer expectations and regulatory requirements. AMCON regularly demonstrates its competence and performance in quality management through successful ISO certification audits by TÜV Rheinland.

For AMCON, data protection is a crucial quality factor. We have adopted methods and content from the standard to create synergies between quality management and data protection. This reduces extra effort and provides security when implementing a data protection management system. One similarity is that company management is responsible for both quality management and data protection implementation and effectiveness (see Chapter 5 – Leadership). Chapter 4 of DIN EN ISO 9001:2015 emphasizes process orientation, among other things. In addition to describing data processing procedures, we have established processes to respond promptly and in compliance with the GDPR in the event of a data breach. Chapters 7.4 (Communication), 7.5 (Documented Information), and 8.2 (Requirements for Products and Services) are further examples AMCON has considered for implementation. We have established the PDCA cycle—Plan, Do, Check, Act—as part of the continuous improvement process. Regular evaluation and optimization of services and measures are essential in both data protection and quality management (compare Chapters 9 (Performance Evaluation) and 10 (Improvement)).