Over the last year, I have had the pleasure of participating in hundreds of conversations on General Data Protection Regulation (GDPR). From these conversations, I’ve gotten an understanding of the struggles organizations are trying to solve when it comes to the 99 new GDPR regulations. The big challenge is that the EU has remained relatively silent on what processes, applications, methodologies and procedures should be applied in order for an auditor to walk away satisfied. As a result, there’s a debate over what organizations need to do in order to be compliant and capable. The EU regulators seem to prefer to see what the market will produce and will go from there. In other words, they do not really know what to expect and they’re leaving it in our hands to cultivate an appropriate solution.