Anyone here managing GDPR projects?

We have a training course that is available for clinical and business customers, and we're releasing some templates and documents for subscribers over the next few weeks. IT's been a royal pain in the neck because there's so little being released by the NHS so we've been researching, interviewing, calling anyone and everyone for advice for what seems like forever, but we're confident we've got some good documentation and our GDPR course has had some good feedback.

I am leading a GDPR effort and the first thing I will tell you is to breathe! It is not as overwhelming as you probably think.

Here is what you really need:
- Commitment from the very top of the organization - it must be a high priority for them
- Make sure you have a plan
- Do everything that can be done to avoid being reported or being breached

Your basic plan is:
1. Locate all of you personal data
2. Map the data to the processes that created it (Marketing, HR, etc.)
3. Decide which business processes should continue as they are, which should change and which should stop.
4. Make sure to get rid of all personal data that do not support #3
5. Have the appropriate guidance on the lawful basis processing what is left
6. Have executive level commitment (board level) to being fully compliant.

Currently project managing my companies HR GDPR readiness effort. Echo everything Brian has mentioned above (especially the breathe). I would add, from our perspective, its important to have detailed process flows to support data subject access rights and privacy incident response management. We are expecting an uptick in DSAR's come end of May.

Also - archive your project collateral, if a DPC approaches your company, wouldn't it be great to be able to pull out you project scope, schedule, resource allocation matrix etc as evidence of how seriously you are taking it. I doubt any company will be 100% compliant immediately, but I think be able to demonstrate your engagement with it would be sufficient initially.