1. Start where you are: Review your own situation: what does your company still need to do before the new GDPR takes effect on 25 May?
2. Use what you have: Make use of the input from data protection authorities and the information in the it-sa Newsroom to prepare for the GDPR.
3. Do what you can: Set priorities: start by focusing on the publicly accessible handling processes that involve personal data.
4. Not much time left? Bring in outside consultants to help!
5. All done? – Perfect! In that case, use your own story to actively advertise your own trustworthiness.