GDPR - a month in and nothing's happened, so why should I bother?
This was a very real argument put to me by a potential GDPR training client last week.
Her logic - that GDPR had now been enforceable for four weeks, she had not registered with the ICO, she had heard nothing from the ICO, the business owners she socialised with locally had similarly heard or seen nothing, the training, policies, and procedures were running into hundreds of pounds, so risk against reward, why should she bother?
At first glance, she had a point, but let's look at some reasons why she was wrong