I've spent the last 2 days listening to experts on GDPR in the Life Science industry.  There are about 120 working days until this regulation comes into place and still a lot to do, decisions to make, who is going to be your DPO (data protection officer)?  Do they want to be your DPO? Should you have an employee or an outside agency acting as your DPO?  With the key follow up "is there a course which will teach me how to be a DPO in the Pharma industry?"  One interesting take away was in a number of cases the authorities are looking for the users to come up with the solutions, they don't know what the answer is but they know its's out there.  

Happily I think the answer is out there too and the more these experts spoke the more confident I am they have it.