The General Data Protection Regulation (GDPR) has been law across Europe for more than a year, and fines of more than £100m have been imposed by the UK Information Commissioner on British Airways and the Marriott Hotel Chain. Company Boards and Senior Management are now revisiting their Privacy risk and asking, “Are we GDPR compliant?”
To respond with confidence, you need to be able to answer two simple questions:
- Can you confirm that your Privacy accountability model is clear, i.e. if something goes wrong, do you know who is responsible?
- Can you prove that your organisation is proactively managing its Privacy risk? This means, if you suffer an incident, had you previously identified it as a risk, and can you explain why you considered your approach to be reasonable?
Julian Parkin, the founder of Parcadian, explains the challenges commonly faced and outlines steps companies can take to reduce their Privacy risk.