There are hajar (1000 in Hindi) guys trying to ride on this bus, including all our SaaS industry friends and leaders.
But to my limited understanding, this is just one more compliance. People are making so much brouhaha about it because of the fines in terms of revenue if found non-compliant.
I have seen our GRC industry veterans riding the SOX bus, and still all the large organizations using them don't have any clue about segregation of duties because of the lack of user experience and the right implementation.
According to KPMG, below are the 12 important things to be accomplished in a privacy framework.
Feel free to sign up for FreshGRC.com or drop a note to sales@FixNix.co.