The RSI security web site breaks down the measures in a few depth, but the procedure in essence goes similar to this: The GDPR safeguards private data regardless of the technologies useful for processing that data. It truly is know-how neutral and relates to the two automatic and handbook processing, https://www.nathanlabsadvisory.com/blog/nathan/how-to-achieve-pci-dss-compliance-certification-in-the-usa-quickly/
