Step 1: Getting Your House in Order
What data do you hold? What do you do with the data, Does the Data Subject know what you do with their data and if you share it with any other business? Do you have current Data Protection controls in place or do you not?
What gaps do you have?
Are you processing data fairly, securely, for the purpose it was intended, for the time it was intended to be kept for, do you make it available to the data subject, is it consented, or do you rely or other lawful purposes outside of consent.