Re: Have organizations factored GDPR risk into their business impact analysis (BIA) computations?
True enough in the realm of cyber space, especially since each nation has its own cyber defense initiatives.
Trouble with GDPR, however, is that according to EU rules, noncompliance can be very costly for scofflaws. It's more an issue of protection of personal data (PII, PHI, among others).
What's more, the GDPR is the baseline legislation; there is leeway for each of the EU Member States to chime in with their own national legislation.
Failure to take due care can set organizations up for "dissuasive" measures, and since the European Economic Area economy is colossal (second largest in the world) ignoring GDPR might not be the best risk strategy.