If I think of some of the very smallest enterprises, particularly organizations or enterprises that may not conduct business on the Internet, is that recommendation a bit onerous? Does the local curling club need a privacy officer, a written privacy policy, and a privacy management framework to have people curl at their club, for example?
On February 21st, 2017. See this statement in context.