I have to agree with Mr. Lahiri of Egnyte that a good attitude is key to assisting with GDPR compliance. 

There is a lot of negative press around GDPR and a lot of scaremongering. The reality is that there are a lot of unknowns in GDPR, and yes, some of the obligations are cumbersome, but that's not a reason for paralysis.

The key guiding principles of GDPR are awareness and accountability. Those are reasonable concepts when you are dealing with someone's personal and private data. You should know what data you are collecting about people. You should know why. You should keep it secure. You should let people know what you are doing. You should not keep it for longer than you need to and you should not spam people with marketing materials they don't want. 

This is really the crux of GDPR and it's fair enough. In order to be able to answer all of those questions, you need to know what you are dealing with. My advice is to get that project team together and start gathering information on the personal data you hold asap. Your advisors can't assist you with GDPR compliance projects unless you know what you have in the first place. If you don't need it - get rid of it. 

I've included the link to our checklist outlining the main actions organisations should be taking on their GDPR compliance journey. I cannot say it enough: the main action is to start.

This checklist cannot deal with all aspects of GDPR compliance, as this will depend on the individual organisation and the personal data it holds and processes. For example, the checklist does not deal with children's data, specific processor obligations and other important areas that arise under GDPR. It is a guideline document only, to help organisations get started, and it sets out the minimum steps that we would expect to see an organisation taking to become GDPR compliant.

To access the checklist click here