Really great talk - very practically oriented which I appreciate - but one question: GAPT is mentioned frequently. What does this stand for (because Google results don't seem to be relevant).
My question is, Who exactly is this certification for? What type of company? For example if I am a company that only collects data of just my employees for hiring but of course I am not using that data for any type of marketing then do I need this?I can see this for company's that use data to market to like financials companies, Service companies like Cell phone companies, marketing data and medical companies.
Thomas is right. War Ninja, GDPR still applies to you as you are collecting the 'personal data' (I am hoping not 'sensitive personal data'). You / your company must demonstrate the enforcement of the data security controls to protect the personal data. Also, you must demonstrate that the data which is collected is not used for any automatic decision making.