A recent report by NTT Security has revealed that a concerning number of business leaders either do not believe that GDPR applies to them, or are not sure if it does. Given that the new legislation comes into force less than a year from now, and the severity of the potential penalties, is this a case of naivety or are there bigger business issues on their minds?