This paper explains how to:

• Quickly determine which laws are relevant to your organisation and what you can do to demonstrate your compliance with them;
• Carry out information security risk assessments and DPIAs (data protection impact assessments);
• Understand the data you process and the risks to its security; and
• Manage your data processing activities in compliance with the GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018.