You took the DPP course, but you are afraid to act, because you think that you still don't know something or don't know how.
Some steps have already been taken to implement the GDPR, but the work hasn't been completed and the enthusiasm has disappeared.
You are aware that you are violating the rules for personal data protection, but you don't have enough time and human resources, power and support of management.
You are concerned about the release of ISO 27701 and realize that soon your competitors may have a certification that you don't have.