The GDPR recognises a “risk-based approach” in several areas of data protection compliance. Controllers can adjust some data protection and security practices, taking into account factors such as the nature of the data, the resources of the organisation, and the “state of the art”.

In this session, a panel of experienced practitioners will offer guidance on when the “risk-based approach” applies—and how best to balance the needs and resources of your organisation with data subjects’ rights.