Understand which parts of the GDPR apply to your organization, as a data processor and/or data controller. Learn the definition of personal data in the context of the new regulation. Locate and inventory personal data in all formats, resident in databases, corporate systems, information repositories, and personal devices. Be sure to include third parties who store records on your behalf. Classify information for categorization, protection, and management.