Reporting to the Board: Making the Case for Data Privacy Investment

One of the joys and frustrations of working in data protection and privacy is the way the GDPR uses language. Controllers and processors must provide the ‘necessary’ resources and implement ‘appropriate’ organisational and technical measures. Words like that can seem unhelpfully subjective, so it’s important that Privacy Teams have the skills to explain what is ‘necessary’ and ‘appropriate’ – […]