There are 8 steps:
1. Know the law is changing – which you now do, so that’s one thing you’ve done already!
2. Make sure you have a record of the personal data you hold and why.
3. Identify why you have personal data and how you use it.
4. Have a plan in case people ask about their rights regarding the personal information you hold about them.
5 . Ask yourself: before I collect their data, do I clearly tell people why I need it and how I will use it?
6. Check your security. This can include locking filing cabinets and password-protecting any of your devices and cloud storage that hold your staff or customers’ personal data.
7. Develop a process to make sure you know what to do if you breach data protection rules.
8. Don’t panic: they’re here to help. For example, you can see some frequently asked questions and their answers for several different business sectors.
Find out more about each of these steps.