Welcome to a brave new world in which data privacy is regulated in every way you could possibly imagine... and some you probably couldn’t. The GDPR places these burdens on the data controller, defined as “the individual or legal person who controls and is responsible for keeping and using personal information on computer or in structured manual files.” Effectively, this means your company’s IT department. In addition to creating the right to be forgotten, Article 17 restricts the use of people’s personal data to the original purpose it was collected it for. These are daunting decrees. A deeper dive reveals.