This document is penned by the Dept of Culture, Media and Sports. It starts by saying
Government will (...) improve cyber risk management (...) through its implementation of (...) GDPR.
Then it closes any discussion with
For now, Government will not seek to pursue further general cyber security regulation for the wider economy over and above the GDPR.Which, in a sense, is a remarkable statement since GDPR is not, strictly speaking, about cyber security. It embeds and enforces cyber security but from a narrow angle of Personal Information.