Data is an essential factor for success. Organizations use it to align products and services with the wishes and expectations of customers and interested parties. With the introduction of the European GDPR, the handling of personal data is subject to much stricter legal requirements than ever before. With a Personal Information Management System (PIMS) according to ISO/IEC 27701, a special form of data protection management based on ISO/IEC 27001 is available, which is suitable for implementing any operational protection of personal data.