1. An Economical Approach

It is based on the GDPR mandatory requirements and the national legislation. Typical of this approach is that the company designates a DPO and conducts a DPIA only when it is obligated. This approach is primarily applicable to small and medium-sized enterprises that do not process sensitive data and personal data of children, do not use new technologies, do not profiling or a systematic monitoring of a publicly accessible area.

  1. A Business Approach

It is based on cost and time. Typical of this approach is making informed decisions by the company’s management, taking into account the costs that will be borne by the company and the time it takes to ensure compliance with the GDPR.

  1. A Premium Approach

It is based on the benefits that can be derived. Typical of this approach is to take into account the specific of the company’s activities and trends in the sector, to designate a DPO, to conduct a DPIA in the company, products and services that offers, even when this is not required.

Comparison between the three approaches

IndicatorEconomical ApproachBusiness ApproachPremium Approach
Initial investment******
Expenses for future periods******
Assurance ******
Flexibility ******