Conduct a risk assessment exercise to flag any potential data protection risks, and put in place data protection policies to mitigate those risks.

Conduct a risk assessment
Review data protection risks within your organization and come up with mitigating measures to address them. For example, your organization may wish to consider carrying out regular internal audits to ensure that its processes adhere to data protection laws. Your organization should also have processes and measures in place to respond in the event of a breach.

Source:
http://www.cmsdistribution.com/steps-general-data-protection-regulation-gdpr/