What The GDPR Requires
You process personal data in accordance with the 6 principles
That you always have a ground to process personal data – and another if you process special category data
That you secure valid consent to process personal data
That you provide privacy information
That you respond to requests by individuals to exercise their rights
That you consider data protection at the outset so it can be baked in
That you consider situations where you control personal data alongside others
That you consider appointing a UK representative
That you maintain a Record or your processing Activities
That you put in place appropriate security
That you consider notifying the ICO and individuals if you suffer a personal data breach
That you consider undertaking Data Protection Impact Assessments
That you consider appointing a Data Protection Officer
That you lawfully transfer personal data out of the UK
DPA/OK can help you with all of this.