Theres a lot of confusing rhetoric around the General Data Protection Regulation (GPR) Im not a GDPR expert; however, I am a chief information security officer. The biggest misconception about GDPR is whether you can control data under the regulation and whether you should. 80% of GDPR-related data isnt even under the control of CISOs, says C-GDPR-P. CISOs own principle 6 of accountability across business functions, which says that data should be processed in an appropriate manner to retain security”]
Source: https://www.csoonline.com/article/3254568/cisos-what-you-can-control-and-what-you-can-t-in-gdpr.html