Europe’s landmark privacy legislation, GDPR, was officially adopted ten years ago and has been in force since May 2018. It has forced organizations to change the way they think about personal information and has put privacy risk firmly on the board’s agenda, especially since the sanctions available under the regime are potentially ruinous


