There's been a lot of confusion--and frankly, a lot of vendor hype--about the European Union's (EU) General Data Protection Regulation (GDPR). There is no doubt that GDPR is a very far-reaching legal initiative that will significantly change the way that many private and public sector organizations treat personally identifiable information (PII) and respond to data breaches. On the other hand, it's safe to say that a majority of readers of this blog post work for organizations that will not be directly ...