Rank and prioritise necessary actions according to impact and risk of occurrence


  • Review the GDPR risks on the risk register and create prioritised list of necessary actions
  • Identify gaps and create the action plan
  • Assess available internal resources and skill sets
  • Size and cost the effort required internally and externally and build a project budget
  • Present plan and budget for sign-off by the board


  • Board sign-off of a fully costed and prioritised plan to achieve and maintain GDPR compliance
  • Agreement to implement