I find it all very confusing. Just when I’ve spent a few hours figuring something out and deciding to set something in place, I then hear from someone else that we don’t have to set that thing in place. There’s reams of info, with clauses about this and that and the other.
So I reckon, reduce your stress and prevent pulling out your hair, put a whole bunch of stuff in place, cover your back, then you don’t have to worry about anything.
I’ve made this list as concise as possible, and here is another list, which you really need to read as well, as it considers other elements of GDPR.
Don’t believe everything I say. However, if you implement my suggestions, you can save yourself a lot of time and energy AND play it safe. You might not need to do everything on this list and my previous list, however I figure, if you do all of this, then you can say you are offering best practice for everything.
There is so much to read and lots of conflicting advice, so I hope I’m interpreting it all correctly.
The 3 blog posts I’ve written are my interpretation and what I believe is best practice to get GDPR ready.
Get informed through other channels and do let me know if you find conflicting advice.