The European Union (EU)’s General Data Privacy Regulation (GDPR) places a broad number of restrictions on the collection and transfer of individuals’ personal data. A company based in the US that does business with several clients in the EU realizes that not all of its current security practices align with GDPR standards. The company drafts an action plan to address these issues and resolve them accordingly. Which security principle is illustrated in this example?