Do your procedures cover all the rights individuals have? This ranges from knowing what information you hold and deleting that data safely to providing the data electronically in a standard and accessible format, to name but a few.
GDPR enhances the rights individuals already had under the Data Protection Act, and if you are already compliant with the DPA, then moving on to compliance with GDPR should not be difficult.
GDPR includes the following rights (from the ICO website):
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
The right not to be subject to automated decision-making including profiling.
Portability is a new right. It applies only to personal data provided to a controller, where processing is based on consent or on fulfilling a contract, or when processing is carried out by automated means.
It is important to review your processes to make sure this new requirement is catered for, and that you can provide this information in a commonly used structure, in a machine-readable format, and free of charge.
GDPR is coming into force on 25th May 2018.