A 12 Step Approach to General Data Protection Regulation (GDPR) Compliance

Preparing for the General Data Protection Regulation (GDPR)

This checklist highlights 12 steps you can take now to prepare for the General Data Protection Regulation (GDPR), which will apply from 25 May 2018.

Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA), so if you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from. However, there are new elements and significant enhancements, so you will have to do some things for the first time and some things differently. It is important to use this checklist and other Information Commissioner’s Office (ICO) resources to work out the main differences between the current law and the GDPR. Over the next few months, the ICO will set out its plans to produce new guidance and other tools to assist preparation. The Article 29 Working Party will also be producing guidance at European level. The ICO will also be working closely with trade associations and bodies representing the various sectors – you should also work closely with these bodies to share knowledge about implementation in your sector.


Read more about the ICO recommendations for GDPR preparation.