GDPR’s Information Security Requirements – What Exactly is ‘Appropriate’?

Posted on in Videos

The GDPR requires organisations to take ‘appropriate’ technical and organisational measures to ensure the confidentially, integrity, availability and resilience of personal data. Article 32 gives us some clues as to what factors can help you to decide what is ‘appropriate’ – cost, risk, state of the art, scope and purpose – but it doesn’t provide the magic formula to take all these variables and make your own conclusion. This session will help you find the answer for your organization and consider how a regulator would work out if you’re doing the right things.


Share With Your Community