There is checklist for small and medium-size businesses that vast majority of them has to apply. These include:
- Keep the records of Data Processing Activities. Be ready to present the report of Data Processing Activities to your local Data Protection Authority.
- Manage customer requests based on “new rights” the GDPR provides to persons. Most important ones include: a) Right to Know, b) Right to Data Portability c) Right to be Forgotten.
- Have a list of your Service Providers (called Processors in GDPR language) who are processing Personal Data for you and conclude or amend an agreement with each of them to handle Personal Data processing issues.
- Manage Data Breaches and report these to your local Data Protection Authority.