Since EU supervisory authorities began GDPR enforcement, at least 600 companies and government agencies have been punished for privacy and security failures. These failures have resulted in excess of €275 million in fines, plus orders for remediation. Remarkably, only a few GDPR Articles, such as Articles 5 (Principles), 6 (Legal Basis), and 32 (Security) are consistently cited by those authorities. Moreover, in the majority of cases, the failures were attributable to basic privacy and security practices.
In this follow up to last year’s presentation, a data protection industry legal veteran will review several new post-mortems, determine what went wrong, and discuss the implications for your security and privacy program.