Looking for advice on upcoming GDPR compliance in regard to our SQL Server. Has someone already implemented it, or made a plan? Kindly share your inputs.

The MS whitepaper suggests different solutions from different perspectives of security. However, I am unable to make out the single threshold at which we can say that my servers are GDPR compliant. If we put all the suggested security features in place, then for quite a few servers a lot more compute resources will be required in comparison to what is needed for the database workload alone. We can't afford such resources.

Another challenge is that not all of those security features are available in older versions like SQL2005, SQL2008 and SQL2012. So, will securing old versions using the old security techniques of the respective version make the SQL Server GDPR compliant or not?

Another question is on what basis the GDPR community will impose fines on such SQL Servers. Will they check each security technique, or will they check for any PII data, etc.? What is that thin threshold line which can literally save us from any kind of fine? Also, can we bring it down to one single security technique (possibly common to all versions) instead of so many different security techniques in different versions?

Last question for now: some sp_configure options are actually needed by the applications, like xp_cmdshell, CLR, Trustworthy, etc. However, the MS whitepaper recommends that these all be disabled. So, if we can't do this due to application needs, then how can we call the SQL Server GDPR compliant? And let's say that we got it in writing from the developer teams that their application does need those features, no matter what. In that case, will the GDPR community accept such written confirmation as justification from our side and leave us without any fine?

Thanks in advance. Best regards.