What steps should an organisation take to comply with GDPR?

Cyber security journalist Edward Lucas from The Economist explains the importance of a Data Protection Officer (DPO) reporting to the CISO, the General Counsel, or the Chief Risk Officer.

They need to have the authority to make changes to cyber security processes and to invest in cyber defences. The advent of GDPR adds urgency and organisations need to assess the data they have, the processes they have in place to prevent cyber security breaches, and the processes for monitoring and detecting a cyber incident should one happen.