Learn How: Get The Resource

Along with the European Union General Data Protection Regulation (GDPR)’s stress on data subject rights – where consumers will have legal rights and access to their data long after it’s collected by a company – the Regulation’s emphasis on minimizing privacy risk will require a rethink of how personal data is handled by companies operating in the EU.

So central is the notion of risk to the structure of the Regulation, that the word appears 75 times in the current version. Further reinforcing the point, risk assessment appears in the very first sentence outlining the responsibility of the controller (the entity that determines why and how personal and private data should be collected).