GDPR Security Post-Mortems: 10 Critical Lessons You Can Apply Now

November 18, 2020 – 2:15PM EST

Since EU supervisory authorities began GDPR enforcement in May 2018, at least 250 companies and government agencies have been punished for privacy and security failures. These failures have resulted in excess of €150M in fines, plus orders for remediation. Remarkably, only a few GDPR articles, such as Articles 5 (Principles), 6 (Legal Basis) and 32 (Security), are consistently cited by those authorities. Moreover, in the majority of cases, the failures were attributable to basic privacy and security practices. In this presentation, a data protection industry veteran will review several post-mortems, determine what went wrong, and discuss the implications for complying with the privacy and security requirements of the GDPR going forward.

Learning Objectives

  • Understand what regulators consider when issuing a GDPR-related penalty.
  • Prioritize remediation efforts, especially in light of the new privacy standard, ISO 27701.
  • Apply these lessons for California Consumer Privacy Act (CCPA) compliance.

Scott M. Giordano

V.P. and Sr. Counsel, Privacy and Compliance, Spirion
