What is this resource?
Huge fines and mandatory breach reporting have long been headline-makers for the General Data Protection Regulation (‘GDPR’). However, the key question for business has remained ‘what does this mean in practice?’
Recently, the Article 29 Data Protection Working Party (‘WP29’) has published guidance on mandatory breach reporting and the Information Commissioner’s Office (‘ICO’) has given a helpful insight into its approach through a series of blogs on ‘GDPR Myths’.
In this short paper we consider the enforcement landscape, explore the developing issues and highlight some of the wider risks from adverse scrutiny that may have been missed with the focus on regulatory activity.