The law is clear on the responsibilities of organisations that collect and process personal data. You must have policies and procedures in place and ensure that all personnel are aware of and trained on the General Data Protection Regulation. Statistics reveal that a costly data breach is almost inevitable. It's a question of when not if. In this article, we look at the steps organisations should take to implement a robust privacy programme, including establishing an effective framework to provide the basic structure and offer guidance about how to integrate any compliance requirements applicable to your organisation.