Identify all the personal data which you process, where it is held and how it is processed.

Identify and log your data flows, especially where recipients are located in non-EU countries.

Review your data protection policies and data processes.

Download our GDPR Guidance to see 11 more steps, a lot of extra information, and a Q&A about GDPR.