IAPP Westin Fellow Gabriel Maldoff, CIPP/US, examines the EU General Data Protection Regulation's risk-based approach to data protection in this in-depth study. Throughout the GDPR, organizations that control the processing of personal data are encouraged to implement protective measures corresponding to the level of risk of their data processing activities. Although the GDPR is silent on how organizations should assess and quantify risk, certain trends emerge from the sections where risk does appear that will guide organizations in implementing a risk-based approach. Maldoff offers guidance in this white paper on where organizations will have to make decisions about risk and applying the GDPR to their operations.
If you want to comment on this post, you need to login.