It is recommended you conduct a Cyber Maturity Assessment, which includes specific GDPR compliance aspects and an analysis of how GDPR may apply to your business. The assessment must include the following three key areas:

• Legal and compliance – Readiness and compliance with respect to GDPR and other global privacy-related laws and regulations regarding the collection, use and disclosure of private data.
• Operations and information technology (IT) – Readiness in the operational and IT areas including systems security, human factors, business continuity response, leadership and governance, etc.
• Insurance program readiness – Readiness, sufficiency and adequacy of existing insurance program in light of data privacy and GDPR related requirements.