Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Tekmic
Newcomer II
‎11-20-2017 12:28 AM
‎11-20-2017 12:28 AM

GDPR sanctions and mitigating factors

The article 29 Data Protection Working Party (WP29) has issued guidelines on “the application and setting of administrative fines for the purposes of the Regulation 2016/679”. These guidelines contain an assessment criteria setting the levels for issuing administrative fines taking a risk based approach into account.

 

Aiming for an effective risk management effort should be key for any business to be in control, treating risk to be within the risk appetite of management, as well as to mitigate any administrative fines issued to the business by the authorities and data protection agencies.

 

Even though rumor says, that the data protection agencies will follow a somewhat pragmatic approach for a start (after May 25th, 2018), the price tags for infringements of the regulation are interesting (or rather scary) seen from a management perspective.

 

https://www.linkedin.com/pulse/gdpr-sanctions-mitigating-factors-michael-christensen/

Compliance and InfoSec Consultant
Reply
0 Kudos
1 Reply
flyingboy
Newcomer III
‎11-20-2017 11:06 PM
‎11-20-2017 11:06 PM

Well said. In this risk management, do we want to raise the bar of compliance to have some well deserved peace of mind or adopt a higher risk tolerance with minimal or no effort in approaching compliance hoping a regulator or individual will never challenge your organisation's practices?

 

Not all regulators or individuals are pragmatic. You may have the resources in testing such level of understanding through legal processes.   

Reply
0 Kudos