Any organization, processing personal data of citizens of the European Union is obliged to comply with the requirements of GDPR (General Data Protection Regulation). However, the regulations do not contain information about how to comply with these requirements in practice. The international standard ISO 27701 solves this problem because it contains specific controls to fulfill requirements specified above. In the course of the research, the standard was analyzed and there were made up recommendations that can be applied to all types and sizes of organizations, including public and private companies, government entities and non-profit organizations that process personal data of citizens of the European Union.