Historically, data privacy law has been viewed from the perspective of legal compliance.
This has contributed to a rather blinkered mentality, with an overwhelming focus on the rights of data subjects, and data privacy impact assessments being conducted as a formulaic paper exercise.
GDPR has reinforced the need for legal compliance, but it’s also highlighted the need to understand the complex technology supply chains which underpin most modern businesses.
Data controllers and processors have a legal duty to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, the ability to restore the availability and access to personal data following an incident, and regular testing and evaluation of the measures.
These requirements can be difficult and expensive to meet. Our background and experience make us well qualified to help clients assess what level of security is appropriate to their risk.