Preparing for the General Data Protection Regulation (GDPR) - 12 Steps to Take Now


Key Questions: How do I prepare for the General Data Protection Regulation (GDPR)? What factors do I need to take into consideration to transition smoothly to the GDPR?

Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA), so if you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from. However, there are new elements and significant enhancements, so you will have to do some things for the first time and some things differently. It is important to use this checklist and other Information Commissioner’s Office (ICO) resources to work out the main differences between the current law and the GDPR.

The GDPR places greater emphasis on the documentation that data controllers must keep to demonstrate their accountability. Compliance with all the areas listed in this document will require organisations to review their approach to governance and how they manage data protection as a corporate issue. 


  • Introduction
  • Awareness
  • Information you hold
  • Communicating privacy information
  • Individuals' rights
  • Subject access requests
  • Lawful basis for processing personal data
  • Consent
  • Children
  • Data breaches
  • Data protection by design and data protection impact assessments
  • Data protection officers
  • International 
Contact Person/Organization: 

Information Commissioner's Office (ico.)

Type of Tool:

Publication Date: 

9 Steps to prep you for the GDPR