Published: March 2016
IAPP Westin Fellow Gabriel Maldoff, CIPP/US, examines the EU General Data Protection Regulation's risk-based approach to data protection in this white paper. Throughout the GDPR, organizations that control the processing of personal data are encouraged to implement protective measures corresponding to the level of risk of their data processing activities. Although the GDPR is silent on how organizations should assess and quantify risk, certain trends emerge from the sections where risk does appear that will guide organizations in implementing a risk-based approach. Maldoff offers guidance on where organizations will have to make decisions about risk and applying the GDPR to their operations.