For your GDPR compliance: Have a plan. Try your best. Embrace privacy.
UK Information Commissioner Elizabeth Denham spoke recently in New Zealand about data breaches and the state of the EU General Data Protection Regulation (GDPR) after six months.
Key takeaways included:
- “EU data protection regulators [are] going to prioritize … enforcement activity towards those bad actors who are a direct threat to EU residents. Companies who are trying their best to comply with the rules and are cooperating with EU regulators can expect to engage the advisory and warning end of our toolkit rather than the 4 percent of global turnover fines.”
- If, within the 72-hour time limit, you have no clue as to the who, the what or the how of a breach, then you do not have the required accountability data checks and balances in place.
- Since GDPR went into effect, there have been more complaints from the public – an increase to 19,000 from the previous 9,000 in a comparable six-month period; and more breach reports – over 8,000 since the end of May, when reporting became mandatory in some high-risk circumstances.
- “Businesses that embrace a commitment to strong privacy protection will be the ones to flourish”.
Read the full text of the speech on the ICO’s website.