How to get ready for GDPR – follow our 6 step action plan

GDPR data privacy compliance help

GDPR compliance is not an option – it’s the law, but it is also an opportunity to improve existing business operations and to build competitive advantage. Here at Business Clan we take a pragmatic, risk-based approach to GDPR compliance.

Reading time – about forty minutes. Alternatively, skip to the key takeaways (a 10-second read) and bookmark this page to read later.

What’s covered – if you are new to GDPR, then first read our overview and get to grips with what your legal duties and responsibilities are. If you are ready to dive in, then follow our 6 Step Action Plan to progress your journey to GDPR compliance. Afterwards, if you still have questions, then read our FAQ.

Help – our team of specialists are here to help with training, consultancy and implementation. Get in touch for a FREE initial consultation.


  • 17/06/2018. A link to HR Solutions’ guidance on the authority/justification for retention periods has been included in the FAQ on “How long can you keep personal data for?”.
  • 24/03/2018. The data protection fees in the FAQ section How to register has been updated.


This section covers what the GDPR is, its objectives and scope, and who needs to comply.

Six step action plan

The following action plan is designed to help you comply with GDPR. If you already adhere to the principles of the Data Protection Act, then it will be a case of tightening up your best practices and implementing a few additional processes and procedures.

  1. PLAN – Work out what you have to do
  2. NOTIFY – Tell people what you will do
  3. ENACT – Do what you say you will do
  4. RECORD – Prove what you are doing
  5. RESPOND – Inform, notify & act promptly
  6. REPEAT – Review & maintain compliance

Step 1 – PLAN

Work out what you have to do

You need a clear road map to minimise risk and avoid costly mistakes later on. We have broken this stage into four tasks:

Step 2 – NOTIFY

Tell people what you will do

Transparency is key to processing personal data fairly, and you must inform people about how you will collect and use their personal data.

Step 3 – ENACT

Do what you say you will do

Train your staff so that they actually do what your data privacy notices say you will do.

Step 4 – RECORD

Prove what you are doing

Under the accountability principle, you need to be able to demonstrate compliance.

Step 5 – RESPOND

Inform, notify & act promptly

The GDPR stipulates how you must respond to subject access requests and handle data breaches and complaints.

Step 6 – REPEAT

Review & maintain compliance

Remember that processing activities may change over time. As and when they do, you will need to test, record and, if necessary, amend your processes and procedures, and retrain staff.

Key takeaways

  1. Doing nothing is not an option. If you are a data controller or data processor, you are accountable for collecting, processing and protecting personal data lawfully and fairly, and you have to be able to demonstrate compliance. You won’t be able to do that unless you understand your legal duties and responsibilities.
  2. Transparency is essential. Tell people when you collect their personal data, what you will use it for and on what lawful basis, and inform them of their rights via appropriate privacy notices.
  3. Compliance is an on-going task. You need to assess compliance whenever your business processes change and, if necessary, perform a data protection impact assessment (DPIA). Follow our 6 step action plan to GDPR compliance.
  4. It’s not black and white. If in doubt, put the privacy rights of individuals first and handle complaints well.

If you have questions or need help, you can reach our compliance team here.



To achieve and maintain GDPR compliance, you need to adhere to the principles of GDPR and follow best practices. The resources below will help you to do this:
