# Don't Put Off Till Tomorrow What You Should Start Today (Part 2)

By [Greg Day](https://www.paloaltonetworks.com/blog/author/greg-day/?ts=markdown "Posts by Greg Day"), May 11, 2016

In the [first blog of this
series](https://www.paloaltonetworks.com/blog/2016/05/cso-dont-put-off-till-tomorrow-what-you-should-start-today-part-1/) we reviewed perceptions and current states of preparation for the EU legislative changes and how they impact your cyber security strategies, drawing on information that was collected during the registration process for a webinar run for practitioners with ISACA.

**News Flash:** On May 4, 2016, the European Union (EU)'s General Data Protection Regulation (GDPR) was [published](http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC) in the Official Journal of the EU. The regulation will enter into force 20 days after its publication, on May 25, 2016. Its provisions will be directly applicable in all member states two years after this date, so companies will need to comply with the GDPR as of May 25, 2018. The GDPR will replace the 1996 Data Protection Directive. The GDPR is a complex piece of legislation, with many different requirements, and coming into compliance with them all by the May 25, 2018 deadline will take extensive work for companies around the world that handle the personal data of EU residents.

In this second blog, we will examine three further questions that we asked live. You should note that many listen to such sessions in the post-recording, so the sample set in the live polls was 300+, but I would suggest this still gives us a very valuable sample of perceptions.

Obviously any new legislation being implemented is done with noble intent. In these instances, the way in which we use and depend on the Internet has evolved: there is a desire to drive confidence in society as our digital world grows. It was therefore good to see that 74 percent of respondents saw the General Data Protection Regulation (GDPR) and the Network and Information Security Directive (NIS Directive) as raising the bar for cybersecurity, compared to their current capabilities.
Nine percent felt that existing security regulations in their industry were already higher, which I would suggest is most likely organizations in the financial services space. But what we should consider is that the bigger the gap between where organizations are today and the needed requirements, the more time and budget will be required to achieve compliance. As such, one of the first tasks for any organization should be to complete the gap analysis to validate the scope of work ahead and, importantly, to get the right executive sponsorship behind the project.

The second poll looked at just what the gap analysis was. Nearly half (44 percent) suggested they have significant work ahead. There are both positives and negatives here. There is an indication that analysis has been done, but only 14 percent suggested they had a managed project already underway. A concerning 36 percent suggested they had no idea of the effort required or were not planning to start focusing on becoming compliant until the legislation goes live.

This highlights some very differing perceptions on legislation across the EU and different industry groups. But with harmonization being a key driver for the EU, I would anticipate that, in years to come, the diversity of answers would reduce.

As a security leader, it is critical to ensure that the decision to achieve compliance is made collaboratively, which means engaging the legal team, business leaders and the cybersecurity team to make an informed decision on what the right next steps are for the business to take. It's easy to simply state that this is a "must", but for each business there must be a review in terms of gap analysis, costs of compliance, ownership and investment strategy.

For some, the timescales and investment required may already be too constrictive. The final poll validated as much, with only 35 percent of respondents confident in their company's ability to adhere to the 2018 deadline.
Thirty-six percent already considered the timescales to be tight, and 14 percent suggested they didn't expect to make the go-live date. Of note was the 15 percent that are still waiting on timelines to be finalized, to which I would suggest that these are now sufficiently well-defined.

We should not be waiting to act, but for many, legislation can be a complex quagmire. That is why organizations must engage with their legal teams and ensure they either get educated or remain informed about this legislation and how it impacts cyber strategies.

Hopefully the insight from your peers gives you confidence that you are in line with others on your journey in adhering to the upcoming requirements. If you are not, may that insight help you gain the business support you need to validate the importance of catching up with your peers.

So what next? I would suggest you consider the following key steps in your action plan:

1. If you haven't already, start preparing now!
2. Stay informed. Palo Alto Networks will continue to provide you with updates on what this means for you and your cyber strategies on our microsite: [http://go.paloaltonetworks.com/regulation](http://go.paloaltonetworks.com/regulation).
3. Assign executive ownership.
4. Complete a gap assessment: Can you qualify your risk today and do you have the relevant regard for "State of the Art"?
   - Work with your auditor/advisors to have a clearly defined risk assessment.
5. Ensure you have legal and privacy guidance (internal/external) to validate that you have the right understanding of the legislation for your business.
6. Define a plan to adopt and maintain relevant regard for "State of the Art".
7. Make a clear plan on how you will deal with incidents, as they will happen.
8. Ensure you have made conscious decisions on how you balance your investments, between prevention and detection ("State of the Art") and responsive capabilities.