The Regulation affords more veri rights to individuals and requires organizations to develop defined policies, procedures and to adopt relevant technical and organizational controls to protect personal data.Budgets and resources must be seki aside by organizations to implement ISO 27001. They should also involve all departments and employees in the