The 7 Best-Practice Controls to Assure External Data Transfers are in Compliance with the EU General Data Protection Regulation. Stolen Personal Data drives a thriving, global black market. In response, and to better protect its residents rights concerning their personal data, the EU has enacted the General Data Protection Regulation (GDPR). Failure to comply with the regulation can result in fines up to 4% of turnover. Assure your compliance by implementing these 7 best-practice security controls for external data transfers: Compliance, Communications Security, Information Security Policies, Access Control, Cryptography, Physical & Environmental Security and Business Continuity Security.