The best place to start is identifying the Five ‘W’s’ – ‘What, Why, Who, When and Where’ for personal data within your business. This will assist you to focus on all the potential personal data that may be controlled or processed within your organization. From this point, you can then decide on what risks you may have and what controls may be needed to address these risks.
Unless you are fully up to speed on what the GDPR requires (to assist you to identify risks), we recommend that you may wish to seek guidance or support with this process. Speak to Blackmores to assist with getting started.