- Identify commercial links and exchanges with the European Union that include personal data to work out whether or not the GDPR applies.
- Focus on visible items first.
- Document your data protection (e.g. inventory of processing operations).
- Adopt clear and simple work instructions.
- Raise employee awareness of security and ethics.
- Avoid copying and pasting a privacy policy.
- Pay attention to contractual matters.