The implementation General Data Protection Regulation (GDPR) to organizations should be seen in the context of achieving their business goals. Very clear have to emphasize the benefits for organizations and the values adding to business. It is absolutely wrong to understand GDPR like as another restriction to the operating environment. GDPR is a tool for generating a strategic advantage based on trust between the organization, its employees, clients and partners. Building on business goals, deployment models should be focused on risk-based thinking, taking into account technology innovations, environmental factors, information management, supply management and globalization. In this text, the author pointed ISO 9001: 2015 standard like a model for implementing GDPR and offering a further insight into how to achieve the methodology of the implementation process.