Following IT Governance’s sponsorship of the panel discussion concerning the CISO and DPO roles as part of Holyrood’s “Future of Data Protection Conference”, Alan Calder discusses starting your GDPR compliance project by assessing whether your organisation needs a data protection impact assessment (DPIA) and following a risk-based approach towards a stronger, GDPR-compliant cyber security posture.