As a follow up to my GDPR post last week do check out this video put together by law firm Lewis Silkin. I love a list and this a nice summary of key things we all need to do:

  1. Map and audit your data flows
  2. Identify your 3rd party processors
  3. Identify cross border transfers
  4. Some firms will need a Data Protection Officer
  5. Don't rely on consent - (but know all about how to process data and contact if is 'proportionate processing for a legitimate business interest')
  6. Adapt your privacy notices and policies
  7. Get ready for changes to data subject access requests (no more £10 fee)
  8. Consider privacy implications at all stages
  9. Breach management - you will have just 72 hours to report any breach
  10. Training across your organisation.  This could impact every level of your hierarchy
  11. Identify your lead regulator