I'm in an environment (in the US) that is big on protecting PCI and HIPAA. I guess it is never too early to look into this. Having read some white papers and skimmed through the readiness assessment (Assess your readiness for GDPR now), I don't think we can get a passing grade at all. Being tied to a legacy system, we are facing lots of reluctance from the s/w vendor to enhance compliance features.
Would you please share your experience/opinion on how to develop a plan to move towards at least a passing-grade compliance? Thanks.