Page 721 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

ability to operate in EU countries.

               The GDPR and many other personnel privacy issues are discussed at
               greater length in Chapter 4, “Laws, Regulations, and Compliance.”



               Regulatory Requirements

               Every organization operates within a certain industry and jurisdiction.
               Both of these entities (and possibly additional ones) impose legal
               requirements, restrictions, and regulations on the practices of
               organizations that fall within their realm. These legal requirements
               can apply to licensed use of software, hiring restrictions, handling of
               sensitive materials, and compliance with safety regulations.


               Complying with all applicable legal requirements is a key part of
               sustaining security. The legal requirements for an industry and a
               country (and often also a state and city) must be considered a baseline
               or foundation on which the remainder of the security infrastructure is
               built.