[uuidgen]

It means designating a person that understands GDPR in the scope it applies to the particular data set and handles requests/security incidents. It can be secretary after a few hours of training.

And I think that if you manage a mailing list of million of people then having someone who understand security implications of it and how much they can lose (even to a simple phishing at this scale) if you get that list accessed by scammers is necessary.

[drdeca]

Secretary? I’m not really talking about an organization, I’m talking about an individual.

A few hours of training is reasonable enough, I suppose?

Seems like it might be simpler to just have whoever is responsible be liable for any problems that could arise from not keeping the list secure? I guess maybe an issue issue with that is that it would be hard to track down all the harms that actually occurred as a result of letting the list fall into the wrong hands, and also hard to even get a good estimate.