After the fourth GDPR anniversary, what's changed since its inception? And what is the best way forwards for companies to navigate the complexity? These are just a few topics that I explore with Dave Horton from Odaseva. We discuss the API challenges of backing up SaaS data, data subject access requests, and right of access. We also talk about how residency-as-a-service helps organizations navigate complex and evolving Data residency laws, e.g., PIPL in China. Finally, we discuss ransomcloud – what it is, attackers' techniques, which organizations are most at risk, and how preparation is key for organizations to protect themselves.