If you face a risk, you can:
– Reduce / Mitigate – the default posture
– Transfer (no longer my problem)
– Accept (or sometimes it is a passive management decision: fake it and ignore :-/ )
In that post … avoiding the risk altogether can be a good and cost-effective strategy for complying with GDPR …. Good read.
“Like it or not, EU General Data Protection Regulation (GDPR) is coming and companies aren’t entirely sure of the best method for avoiding the heavy fines that the regulation imposes for noncompliance. At the core, GDPR requires that people in the EU have the “right to be forgotten” from any system their personally identifiable information (PII) is housed in. In addition, the regulation forces companies to require consent from the individual before storing, processing, and using the PII.
At least one company is looking to remove as much risk as possible. According to Wired, Wetherspoon has simply deleted all of the email addresses from their marketing database. Instead, the company plans on marketing via social media channels, including its Facebook and Twitter accounts, as well as its corporate website. Wetherspoon is doing this to help prevent heavy fines that range from either 2%-4% of gross revenue or 10,000,000 EUR to 20,000,000 EUR, depending on which penalty is higher. Enforcement will go into effect in May of 2018.
The email from Wetherspoons