2. FIND OUT WHERE YOU STAND
Companies are in various states of GDPR compliance, ranging from none at all to complete adherence. Before embarking more deeply on your GDPR journey, find out where you stand right now. What are your policies and practices regarding data governance? Are they presented to the outside world in an open and transparent way?
If there is already data governance documentation, review this and use it as a starting point for further work. Under GDPR, this kind of documentation is mandatory. This is all part of a data protection assessment, which you can learn more about here.