You should consider having a strategy for:

  • Performing or auditing master data management across the organization, to ensure user data is consolidated and well-governed
  • Obtaining or confirming user consent according to processing categories that conform with the regulation
  • Establishing a robust system for pseudonymization, and
  • Executing dry-run audits to demonstrate an ability to satisfy regulators quickly and completely.

It’s a lot of work, especially for small-to-medium-sized organizations.