There is a lot in here – preparations for the GDPR, the growing realisation of the implications of holding the data of other organisations, contractual certifications of GDPR compliance, unwitting indemnification of other parties, WP249 and its assertion that discovery … Continue reading →