The major cyber breaches at Equifax, Marriott, Adult FriendFinder and other companies make it sensible to impose rather rigid cybersecurity obligations on individual companies. The current GDPR compliance obligations are global, reasonable and clear. The GDPR framework requires companies to meet a defined set of risk-based requirements that is developed through a collaborative, multi-stakeholder (HR, Legal, IT, Procurement, Sales) process and cannot be a safe harbor from liability. Companies must prevent and contain data breaches, ensure that confidential or sensitive personal information is not leaked or disclosed illegally, and ensure that preventative steps are taken to stop a breach from happening again. GDPR recognises that the data subject is the victim, and that the processor or controller is responsible for deliberate or unintentional actions that cause the loss of access to personal data as a result of malicious cyber activity.
Attend one of our seminars to get a set of 30+ templates, policies, procedures and a GDPR Roadmap and Framework. https://www.eugdpr.institute/events/