Very valid point. And here’s something I pinched from SQLServerCentral.com which could be seen as threats and opportunities…
(I didn’t just grab it because it agrees with my point about needing to secure everything, either. It goes way beyond that).
"The General Data Protection Regulation (GDPR) is soon, in a year’s time, to become law in all EU countries, including the UK. The regulation also applies immediately to organisations based outside the European Union if they collect or process personal data of EU residents. We’re not just talking about potentially embarrassing medical records here. No, personal data includes anything like a name, a home address, purchasing habits, a photo, an email address, bank details, posts on social networking websites, or a computer’s IP address. To use this personal information will require explicit consent, which can be subsequently withdrawn. It can only be retained for a period of time.
"Organisations can’t shrug and say that they delegate the processing of personal information to a third-party. If they use and benefit from the data, they are responsible. They have to show that access to such data is prevented by design. We have to prepare now before it becomes enforceable in May next year. Many existing IT systems will have to be re-engineered before next year.
"Organisations over a certain size whose main activities involve processing operations, and that are operating in Europe will have to appoint Data Protection Officers to ensure that the organisation complies with the legislation. These people will need to be data experts with experience in security and a lot of knowledge about the protection of data, able to ensure that IT systems protect data ‘by design and by default’.
“The mood in the USA towards personal privacy is rather different, favouring as it does the rights of the state, as defined in the Patriot Act. However, because of the long-standing international agreements of Safe Harbour and more recently Privacy Shield, the GDPR affects all businesses processing personal data who trade with Europe. The EU has the most progressive laws on data protection, and will determine the data standards of a globalised market, so it looks inevitable that the international standards for handling personal data will derive from the GDPR. Yes, the ramifications of GDPR could easily affect your work.”