In the run-up to 25 May (that’s the GDPR deadline, if you’ve been hiding under a rock) we’re sharing 10 steps to GDPR compliance.

In fact, we’re not sharing them, our CAT is. We kick off today on Instagram, Facebook, Twitter and LinkedIn, sharing a post every weekday until the deadline, starting with this simple piece of advice – don’t panic! Do follow along, and visit for more.

If you can’t wait, here are the CAT’s 10 steps in full…

1: Don’t panic! GDPR is almost here but it’s not too late to take action.
2. Make sure people know GDPR is coming, assign data protection responsibility and get a plan in place!
3. Get legal help to update your privacy policy, with reference to GDPR, then upload it to your website.
4. Identify contact data held across all your systems, work out where it you got it from and sync it centrally.
5. Delete all redundant contacts and determine your ‘lawful basis’ for storing and processing the rest.
6. Record consent, legitimate interest, in contract or other valid lawful basis against your contacts.
7. Email contacts with engaging campaigns to obtain positive opt-in consent where required.
8. Email contacts to advise your lawful basis, allowing them to view their data and update preferences.
9. Create a date and time-stamped audit trail to show obtained consent evidence GDPR compliance.
10. Get a robust process in place to continually review your data…and stick to it!

Thirsty for more? Check out this Beginners Guide to GDPR Compliance.