Risk-based approach to data protection in GDPR The EU General Data Protection Regulation (GDPR) was released in 2016 and fully enforced in 2018. The impact of GDPR is far reaching and is not restricted to any particular sector. It applies to all organisations handling personally identifiable information (PII). Any organisation handling PII of European citizens must comply with GDPR. GDPR adopts a proactive risk-based approach to data protection. In Article 24, GDPR lays the foundation to this approach by stating that: Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller shall implement appropriate technical and organizational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. In this Discussion, you will study the risk-management approach adopted by GDPR and its practical implication and application. To prepare for this Discussion Review Learning Resources, especially those on risk management. Review the resources on GDPR Seek credible external resources on the topic.