Please wait while the transcript is being prepared...
0:00
Hi. My name is Amalia Barthel.
I'm an advisor, consultant and
educator in the areas
of digital risk,
digital data risks, privacy
compliance and governance.
In this talk titled,
"The risk management process
in digital risk", we will
discuss how the risk
management process must
evolve in order to
address digital risk.
We will go deeper into
how frameworks such as
NIST and ISO deal with
data-driven risk management but
also artificial intelligence
risk management.
We will discuss various
other internationally
recognized frameworks
and concepts that will help
our listeners understand how
the classical risk assessment
evaluation and
treatment processes
evolved in the
digital risk world.
0:51
We will start with this example.
In a decision dated
January 26th,
2024, the Austrian Data
Protection Authority,
DSB, rejected the
request for consultation
pursuant to Article 36
in GDPR of an Austrian
municipality.
On what basis, you ask?
They rejected having
jurisdiction over the risk and
decision on the risk
documented by the municipality
requesting the consultation.
The Data Protection Authority
noted that the relationship of
the municipality with
the ownership of
the data constitutes
a risk in itself.
So, liability is attached to
those with decision power
over the information.
This answers the question, who
is accountable for the risk?
Not a higher power
or authority but
those entities with
ownership and decision-making
power over the data.
