In the past, data protection regulation has largely been concerned with preventing the theft of personal data. Security and security products have focused on preventing breaches -- no breach effectively meant no failure of data protection compliance.
Original author: Kevin Townsend