I was asked the equivalent of the subject question the other day, and realised that perhaps the demonstration of compliance is not quite as obvious as I have made it out to be in previous blogs.
And by ‘obvious’ I don’t mean ‘simple’, because this has always been simple.
The word ‘appropriate‘ appears 115 times in the GDPR final text, and the word ‘reasonable‘ a further 23, but if you don’t know how to define those things in relation to compliance for your organisation, how do you know when you’ve done enough? Or too much? The balance is as important to your business as compliance itself.
Continue reading