They are that “it’s only a data breach when the data leaves my organisation; I can outsource my compliance to an external provider; and any data breach puts me at risk of non-compliance and penalties".
He elaborated further in his conversation with the OFM Business Hour.