The General Data Protection Regulation (GDPR) became effective on May 25, 2018 to protect personal data for all individuals within the EU.
Sanctions for non-compliance can go up to 20 million € or 4% of organization's annual revenue.
Any personal, professional, private or public information, related to an individual:
Name, address, photo, email, financial details, medical information…
You can audit users (history of activities, list of authorizations) or your applications (who did what)
For systems with high-security requirements, passwords do not provide sufficient protection.
For example, before accessing a secured application, users must fill a login form, receive a notification on their mobile, and validate it with a pin code or fingerprint.