Originally Posted by
Ash
Apart from the whole consent fandango, there's the infrastructure security too. If you get hacked, it's basically your fault unless you can show you have done everything possible to avoid it, which basically means bankrupting yourself hiring security consultants to do 'penetration tests' :-| on your websites and networks. And if an external data processor you use can't produce compliancy documentation you're supposed to sack them off as if an alternative is available off the peg to just plug in instead. Who'd want to take DPO responsibility for that lot?