
12 Steps for Preparing for the GDPR


The ICO (the UK Information Commissioner's Office) has prepared a very useful document setting out the 12 steps to take to prepare for the GDPR. The GDPR applies from May 25, 2018. That is not long, and many businesses still need to prepare in order to become compliant and avoid potentially expensive fines. Today we're sharing the 12 steps (you can read the original source here), along with further suggested reading for anyone who is still feeling confused or worried about the GDPR.

  1. Be aware of what the GDPR is and what it means for your business. Make sure decision makers and key people in your organisation know the law is changing.
  2. Document all the personal data that your business holds. Write down where you obtained the data and who else has access to it (who you share it with). If you hold inaccurate data and have shared it, you need to be able to tell the other organisation so it can correct its records.
  3. Read your current privacy information (privacy notices) and make the changes required to be compliant with the GDPR, such as explaining your lawful basis for processing and how long you retain the data.
  4. Check your procedures for individuals' rights and make sure all rights are covered: access, rectification, erasure, restriction, data portability, objection and rights relating to automated decision-making. Include details of how personal data will be deleted and how you will provide electronic data when asked, which under the GDPR means a commonly used, machine-readable format.
  5. Plan how subject access requests will be handled. Under the GDPR you will usually have one month to respond (rather than the current 40 days) and will not normally be able to charge a fee, so check whether your current process can meet that timescale.
  6. Establish the lawful basis for each processing activity under the GDPR, document it, and update your privacy notice so that it is recorded and explained.
  7. Review how you seek, record and manage consent, and update your approach to be compliant with the GDPR if necessary. Consent must be freely given, specific, informed and unambiguous, and you need to be able to show that it was given.
  8. Do you need to verify ages or obtain parental or guardian consent for your data processing activity? If you offer online services to children, these systems will need to be put in place.
  9. Plan for data breaches and have the correct procedures in place so that breaches can be detected. The procedures need to cover reporting and investigation, and they should be tested before May 2018: the GDPR requires certain breaches to be reported to the ICO within 72 hours of becoming aware of them, and in some cases to the affected individuals as well.
  10. Familiarise yourself with the ICO's code of practice on Privacy Impact Assessments and the latest guidance from the Article 29 Working Party, and work out how and when to implement them in your business. Data protection by design becomes a legal requirement, and a Data Protection Impact Assessment is mandatory for high-risk processing.
  11. Give a member of your team responsibility for data protection compliance, and find out whether you are required to formally designate a Data Protection Officer (DPO).
  12. If you do business in more than a single EU member state, determine your lead data protection supervisory authority; the Article 29 Working Party guidelines explain how to do this.

Further Resources

Are you GDPR Ready?

Guide to the GDPR

Getting Ready for the GDPR

Rules for the Protection of Personal Data inside and outside the EU