You should prepare for a data breach, that is, a situation where you have not handled PII data according to GDPR.
Humans and automatic systems can make errors and use data where it should not be used. Have a process for data breach events so your organization knows what to do when that happens.
GDPR is applicable to all EU member states but it is enforced by a national data security authority in each member state. Contact your legal representative for specific questions, or your national authority for general questions regarding data breaches and penalties.
Updated 10 months ago