In turn this will necessitate regular, focused training on aspects of the Regulation. One of the most significant of these is the importance of a culture of openness and transparency in dealing with breaches and Data Subject Access Requests (DSAR’s). It is no good pretending that hiccups don’t happen – where there is a ‘human element’ involved there is always the possibility of error.
The Uber breach case being a good example. There was delay in reporting the breach which could easily compound its consequences and the penalties are going to be magnified in these circumstances – and don’t forget the penalties – €20M or 4% of turnover, whichever is the greater.