The GDPR (General Data Protection Regulation) is now in effect in the European Union.
The GDPR requires that personal data being processed in a manner that guarantees its security and integrity of the individuals in question.
This includes individuals right to own their own data. Including safeguard it from unauthorized or unlawful processing. Every organization is required to take technical and organizational measures to ensure its integrity.