Identify all the personal data which you process, where it is held and how it is processed.
Identify and log your data flows, especially where recipients are located in non-EU countries.
Review your data protection policies and data processes.
Download our GDPR Guidance to see 11 more steps, a lot of extra information, and a Q&A about GDPR.