It's hard to believe I'm still talking to companies who are only now getting started on GDPR compliance. In fact, Cisco's 2019 Data Privacy Benchmark Study found that only 59% of the 3,206 organizations they surveyed felt they were largely compliant. Nine percent had not even started their compliance work: There are other companies who are thinking to entering the EU market and they are starting down the path of understanding what is required from a GDPR perspective. If I were starting my GDPR compliance journey, the first thing I would do is a gap assessment. There are many outstanding gap assessment tools available, including: Data Protection Self Assessment https://ico.org.uk/for-organisations/data-protection-self-assessment/ ISACA-CMMI GDPR Assessment (requires ISACA membership) http://www.isaca.org/knowledge-center/research/researchdeliverables/pages/isaca-cmmi-gdpr-assessment.aspx Nymity GDPR Readiness Assessment Questions https://info.nymity.com/gdpr-c