Compliance - meeting the standards of laws, policies, and regulations

• Penalties: fines, incarceration, fired
• Varied in scope: state, local, international

Data localization - data from a region or county must be stored there

• Laws may enforce data localization, such as the EU's GDPR

GDPR - General Data Protection Regulation

• Provides data protection and privacy for people in the EU
• Individuals have more control over their own data

PCI DSS - Payment Card Industry Data Security Standard

1. Build and maintain a secure network and systems
2. Protect cardholder data
3. Maintain a vulnerability management program
4. Implement strong access control measures
5. Regularly monitor and test networks
6. Maintain an InfoSec policy