How (not) to make a breach notification under GDPR

In theory, all personal data breaches must be reported to the Information Commissioner under GDPR unless “the personal data breach is unlikely to result in a risk” to an individual. But since there is no “risk” threshold laid down, that in theory means that almost every potential breach should be reported.
While the European Information commissioners have issued “guidance”, that guidance skates around all the difficult questions arising from the ambiguities in the GDPR. Dai will present an answer to the enigmatic question of what breaches should be reported. He will also look at the even more important question of how you report in such a way as to minimise interest from the Information Commissioner.

Key Takeaways:
 What exactly is IT Security
 How (not) to plan in advance and why it is essential
 When and how (not) to report a breach to the Information Commissioner