If you approach GDPR as if compliance is all that matters, then you're bound to fail – data protection should be at the heart of business strategy
http://www.computerweekly.com/opinion/GDPR-for-the-CIO-Data-protection-is-about-more-than-GDPR-compliance