For me, protecting personal data in a company is still primarily a matter of proper technical solutions. Without good software and solid security measures, even the best-described procedures often remain only on paper - at least that's my observation. It's important to choose CRM, ERP systems or HR tools (e.g. solutions like Salesforce, SAP or Workday) that offer RODO compliance mechanisms. In practice, you need features such as encryption (e.g. AES standards), access logging, retention policies with automatic deletion of obsolete data, and consent management tools; it sounds trivial, but can make a difference. Backups and disaster recovery plans should not be overlooked either - loss of personal data has consequences that are better not tested live. The IT infrastructure should include network segmentation, access control and monitoring of user activity; firewalls, DLP systems and anomaly detection solutions are even the basics. One must remember to secure endpoints - laptops, business phones or IoT devices. Cloud-based solutions are sometimes the most convenient, but they require attention: security certificates, server locations and access control mechanisms are important, although a certificate alone does not always provide full guarantees. In hybrid environments, identity management (IAM) tools and multi-component authentication become almost indispensable, and their implementation is worth considering sooner rather than later.