As part of PCI facts security expectations, Actual physical cardholder facts need to also be stored inside of a protected spot, for instance a locked room or storage spot with limited obtain. The GDPR shields personal details regardless of the technological know-how useful for processing that data. It's technologies neutral https://www.nathanlabsadvisory.com/iso-20000-1-it-services.html
