The smallest well-intentioned acts can have significant unintended negative consequences. When those acts have a global impact on individuals and businesses, the unanticipated negative effects could potentially be catastrophic. That’s what some experts fear when it comes to the ability of security teams to do their jobs in the wake of new privacy regulations, in particular the European Union’s General Data Protection Regulation (GDPR).

In some cases, the GDPR and laws such as the California Consumer Privacy Act (CCPA) make it harder to stop bad actors from stealing the personal information that the regulations are supposed to protect. The regulations often lack specifics about how to comply, and companies take actions that impede security out of fear of potential penalties.