“Virtually every company collecting and/or holding any data about any EU resident (they don’t have to be a citizen), irrespective of where your company is based, will have to comply with GDPR or face fines of up to €20 million or 4% of global turnover, whichever is larger,” explains Brian Chappell, who is the senior director of enterprise & solution architecture at BeyondTrust, a global information security software company. “GDPR is data protection legislation that is largely predicated around security best practice, but unlike regulations and laws previously, this one has teeth…big teeth, so don’t get caught out.”