Performing a data audit: One of the main requirements of the GDPR is for organisations to maintain a record of the data that they collect. One of the first steps, therefore, is to get an overview of the different data that each organisation collects. This may include things like membership information, payment information, analytics collected about users of the website or other social channels, etc. It’s also important to understand who does (and, importantly, who does not) have access to that information and how securely that information is stored and transferred. We have developed a data audit template, which will be shared separately and could form the basis of this audit. And finally, check with any third parties (e.g. payment processors, web hosts, technology partners, etc.) to make sure they are compliant with GDPR.