With GDPR now just months away, there is obviously much discussion, concern and general rumour doing the rounds. To help you with your preparations we have compiled a checklist of the things that you should be looking at.


It is a good idea to set out your management support and the direction that you wish to take for data protection compliance in a framework of policies and procedures. If you don’t already do so, it is time to begin monitoring your compliance with data protection policies and to regularly review the effectiveness of data handling/processing activities and security controls. It is recommended that your business develops and implements a needs-based data protection training programme for all staff.


Decision makers and key people in your business need to be aware that the law is changing to the GDPR and appreciate the impact this is likely to have. Make certain your business has identified areas that could cause compliance problems under the GDPR and record these in a risk register. Raise awareness, across your business, of the changes that are coming.

List the information you hold

Your business should document what personal data you hold, where that data came from and who it is shared with. It is a good idea to conduct an information audit across the organisation to map data flows.

Data Protection by Design and Data Protection Impact Assessments

One of the most important parts of compliance with GDPR is to show that you have taken the appropriate measures. Make sure that your business has implemented appropriate technical and organisational measures to show you have considered and integrated data protection into your processing activities.

Check out GDPR doesn’t have to be difficult for lots of great information.