Everyone has been told numerous times the importance of the May 25 2018 GDPR D-day. Reality is that most companies have initiated a number of GDPR projects to discover the legal & process aspects, put a basic DPO-like organization in place and have started with a typically manual Excel based data register.
All of this can be considered important but still fairly basic and theoretical steps. The big question however is how your data landscape really looks like?
With these basics in place, you wonder what practical next steps you should take to make actually implement this? What should be solved from an IT Security perspective? What data is available? Where is the data physically located? Who can and may access and process this data? What are the exact roles & responsibilities?