This article appearing in CFO.com gives some interesting advice. However, I'm not sure a) it is practical, and b) it was written by anyone who really knows regulation.
Why not read it and list what you feel were the errors in advice?
http://ww2.cfo.com/data-security/2017/08/six-ways-curb-costs-data-breach