GDPR, which comes into force on May 25th 2018, is to regulate the handling of 'personal data'. There's a lot of noise about it, but a lot of confusion as well. How the regulation should be interpreted is not always clear so it's good to get the definition from the horses mouth. The actual definition of 'personal data' is, as defined in Article 4 of the regulation:
So far no one seems to have commented on how come the damaging documents from Mossack Fonseca got leaked in the first place. While of course we are all glad they did, except of course those rich, powerful and/or corrupt few, but from a security perspective this is probably one of the most monumental and spectacular cock-ups in world digital history. It is only the real world implications that has distracted everyone from the fact that a bank managed to leak so much information about its clients, which of course is a scandal in its own right. 11.5 million documents leaked is quite a scoop by any measure.
I'm sure you've all had them, attachments appearing in your email inbox from various companies, some familiar and some not, which claim to be invoices or order details. They are malicious attachments, some are zip files or pdfs, or other less familiar file types, but they are all attempting to attack your computer through its weakest link. That link is between your chair and your keyboard. Yes that's you! While spam filters do a pretty good job on the whole of stopping such junk from hitting your inbox invariably some of it is going to get through.