If there's one aspect of GDPR that is likely to grab the attention of any CFO, it is the potentially eye-watering fines organizations could be hit with if they are found to have breached the new data protection regulation.
As the gatekeepers for the company finances, and often the boardroom owner of risk management, what CFO isn't going to sit up and take notice when the sums involved could be up to €20 million or four per cent of annual revenue - whichever is larger?
However, CFOs shouldn't just be sitting in fear, hoping the day never comes when they have to pay out such a fine. There is much they should be doing to ensure their organization is prepared, starting with participation in cross-organization planning and an audit to ensure they understand the types of personal data that are being processed within their organization, where that data resides, who has and needs access to it, and how their processing activities are affected by GDPR.
For CFOs, this process should include reviewing what data they hold, create and preside over within finance. That could include employee information such as payroll or salary data, as well as data held by suppliers, contractors and outsourcers who may report into the CFO. CFOs should be reviewing the contracts they have in place with those suppliers to ensure they are fit for GDPR.