Global data protection regulations (new or updated) are being enforced aggressively, resulting in a tsunami of hefty fines and penalties handed out to violators. The majority of these violations are a result of the failure to conduct regular risk assessments, which form an integral part of the ‘appropriate measures’ a business must take to ensure information security.