GDPR puts legal teeth with $MegaFines onto a lot of internal IT political battles beyond security, too.
Unified project processes, mandatory architectural reviews, IT-driven planning... if you're in a domain with lots of personal data the answer to why can't be cowboys and ignore IT 'just this one time' goes from "because we are trying to do IT right, dammit" to "because it's illegal" or "because the compliance costs are too high".
Unified project processes, mandatory architectural reviews, IT-driven planning... if you're in a domain with lots of personal data the answer to why can't be cowboys and ignore IT 'just this one time' goes from "because we are trying to do IT right, dammit" to "because it's illegal" or "because the compliance costs are too high".