- Identify all the personal data which you process, where it is held and how it is processed.
- Identify and log your data flows, especially where recipients are located in non-EU countries.
- Review your data protection policies and data processes.
- Download our GDPR Guidance to see 11 more steps, a lot of extra information, and a Q&A about GDPR.
GDPR: What every non-EU business should do now
Doing nothing is no option, so every non-EU company should start with the following four steps (and quickly after that, take 11 steps more!)