A well-spent 30 minutes at the Incident Response Forum Europe with the pleasure of posing questions to two representatives of the Irish Data Protection Commission.

In conversation, Deputy Commissioner John O’Dwyer and Assistant Commissioner Sandra Skehan shared their insights on the trends they are seeing in incident and breach response under GDPR, as well as how the Irish DPC evaluates and processes breach notifications.

From the regulatory focus on the GDPR’s 72 hour notification requirement to the growing number of complaints made by individuals affected by breaches the discussion was wide ranging and interesting.

It did not just focus on controller breaches as we even had time to cover the risks for controllers posed by processor breaches, and the Commissioners’ perspective on that was well worth hearing.