Europe’s landmark privacy legislation, the General Data Protection Regulation (GDPR), was officially adopted ten years ago and has been in force since May 2018. It has forced organizations to change the way they think about personal information and has put privacy risk firmly on the board’s agenda, especially since the sanctions available under the regime are potentially ruinous (up to €20 million/$22.8 million—or 4 percent of global turnover—for severe breaches like violating basic processing principles).

Neil Hodge is a freelance business journalist and photographer based in Nottingham, United Kingdom. He writes on insurance and risk management, corporate governance, internal audit, compliance, and legal...