Reply to post: GDPR requires technical measures as well as organisational measures

UK Ministry of Defence apologises after Afghan interpreters' personal data exposed in email blunder

Anonymous Coward

GDPR requires technical measures as well as organisational measures

The classic mistake of "using CC instead of BCC" is probably the main cause of unintended data breaches in general. It is a form of human error and therefore any organisation-defined procedures are likely to have limited impact on reducing the occurrence of such mistakes. That is why technical measures should be implemented by organisations (both public sector and businesses) to vastly reduce the scope for such mistakes to happen.

Indeed the GDPR covers technical measures, i.e. in GDPR Article 5(1)(f):

"processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)."

However the ICO never seem to bother prosecuting any org who fails to implement any, or insufficient, technical measures. The vast majority of organisations are unlikely to bother implementing suitable technical measures until the ICO starts taking action due to their absence.
