Compliance will fail if the organizations fail to create a cybersecurity culture where every member of the organization has understood the rules for the protection of personal data

https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/organizational-cybersecurity-at-the-crossroads-of-culture-gdpr/