4. Data breach
Establish firm procedures for what to do in case of data breaches and leaks, which needs to be reported.
Inspect and guarantee that you have valid consents from your clients to process their data.
Determine whether you need a Data Protection Officer in your organisation (mostly large establishments).
7. Evaluate and maintain
What works? What doesn’t? Maintain your new approaches and control that they work as intended, and cf. the GDPR.