To get the board on board, you will need to clearly communicate:
What GDPR means to your organisation
Why they should care about it
How the organisation will respond to it and how you will manage it
What you need from them to make it happen
Be as positive, engaging and solution-focused as you can. Do not look to the board to fix your problems, instead tell them how you are going to tackle issues before they become a problem, and the support you need from them to do so. It is essential that you express this is a business benefit, which will safeguard and strengthen your organisation’s reputation. Avoid legal, technical and theoretical language and remember to focus on what matters most to the board. When talking about the big fines associated with a breach of GDPR, be sure to focus on relevance and efficacy.