Data sovereignty absolutism sounds principled but fails in practice. Why a risk-based approach to cross-border transfers and vendor strategy works better under GDPR.
