The EU General Data Protection Regulation requires data controllers and processors to implement technical and organisational measures appropriate to the risk, including pseudonymisation, encryption, and confidentiality assurance for personal data — with Article 83 penalties reaching the greater of €20 million or 4% of global annual turnover for serious violations. Zero Trust architecture operationalises GDPR's data minimisation and purpose limitation principles through granular access policies that restrict personal data access to verified individuals with a demonstrated legitimate purpose, while providing the audit trails required to demonstrate accountability under Article 5(2).