RISK APPETITE
Once the regulations are in force, it will take a few cases to build up case law and assess how various aspects are interpreted before there is a full understanding of the implications, suggests Graham Mann, managing director, Encode Group UK. "Depending on the severity of the fines, organisations will be better positioned to assess their 'risk appetite'; but, given the potential fines, it could be a risky strategy. Punitive fines are only one of the powers wielded by the supervisory authorities: they can undertake audits, issue warnings or demand myriad corrective action. In short, they have the power to seriously disrupt your business and leave you with a rap sheet."

'It wasn't me, guv' is no defence, he adds. "Data controllers and processors have dual liability under GDPR and so there's nowhere to hide. Therefore, it's vital that data controllers vet their processors carefully. Corporations will now have to define and implement a data strategy throughout the organisation. More importantly, they must think carefully about whether they need to store certain data, because there is now a defined cost. This will avoid consumer data being held unnecessarily with all the accompanying security risks. GDPR has been a long time coming," he continues. "Its implications are far from being known, but self-governance simply isn't working, as evidenced by the millions of people globally who have been impacted through no fault of their own."

the Article Here