Is there an official way of implementing the GDPR?

Taking into account the wide variety of factors that come into play when a company or organisation processes personal data, the GDPR is not a one-size-fits-all checklist of implementation measures.

In general terms, the GDPR offers individuals (or “data subjects”) certain rights, and you need to make sure that you are able to uphold these rights. At a basic level, you will need to get to know the ins and outs of what data you process and how you process it, and assess what risks this poses to the data subjects. Generally speaking, the higher the risk, the more you will have to do to protect the data; if you store sensitive personal data (related to health, sexuality etc.) or payment details, you have a greater responsibility to protect it than if you have data on people’s shoe sizes.

To make sure your company or organisation is in compliance with the GDPR, you should start by assessing your current data practices and procedures (map all your data flows), then evaluate these and adapt them as needed to fulfil the requirements of the GDPR. Document your reasonings and actions; then make sure to monitor and periodically review your practices.