This document provides a practical guide for businesses to prepare for the General Data Protection Regulation (GDPR) which takes effect on May 25, 2018. It outlines six key steps: 1) audit personal data held, 2) review how data is processed, 3) review consent processes, 4) review contracts, 5) ensure a data breach process, and 6) other compliance steps. Key actions include documenting personal data, reviewing lawful bases for processing, updating privacy policies and employee training. The guide emphasizes establishing lawful and transparent processing of personal data under the GDPR.