Chief among these is to understand where your data is. That may sound simple, but in actual fact it means doing a thorough data-mapping exercise, including investigating what third parties do with any data you hand over to them.
It’s also vital you don’t see the GDPR as a process change — it needs to be a cultural change across your whole organisation. And it needs to be thoroughly documented so that you can prove the steps you’ve taken. Take a look at this video from the event to find out more of the experts’ recommendations.