The EU General Data Protection Regulation (GDPR) requirements were laid out in 2017 and just become a reality last month. As the May implementation date loomed, there has been much discussed about the impact of the pending legislation. But what seemed to be missing from the conversations was how IT will manage yet another variable when implementing hybrid IT strategies where hosting and service delivery is more federated and dynamic. In the complex environment of hybrid IT, you need to either know the blast radius when there is a data breech so you can make appropriate notifications and corrective actions. Conversely, when you add additional infrastructure, you must also account for any impact to existing applications and services. GDPR did not create these problems – these already existed in mixed physical, virtual and cloud environments.