Map out organization’s personal data inventory

Review your organization’s data management framework and processes to align them with the data protection laws, for example, determining how, when and where your organization collects personal data, the purposes for the data collection, and ensuring that consent has been obtained for the collection, use and disclosure of the data.

Source :
http://www.cmsdistribution.com/steps-general-data-protection-regulation-gdpr/