Comment Neelie (Kroes)

[...] Of course, in those cases, companies still to minimise privacy risks. Their internal processes and risk assessments must show how they comply with the guiding principles of data protection law. And – if something does go wrong - the company remains accountable.