Once your company has completed the previous phases around the GDPR, it is important that the actions that have been implemented will also be maintained, updated and modified as your company’s development.

Depending on the type of personal data your company has, how you use these personal data and how your business develops, some routines should be built into which the different elements of the GDPR will be checked.

In large complex companies, one will build an annual wheel where the different areas will be added monthly, while for most Danish companies it will be appropriate to look at it every quarter.


How deeply going into its ongoing evaluation is up to the individual company. As a minimum one should look at what changes have been in the company since last time and then adjust from it.

The areas that will be decisive in relation to the ongoing work are:

  • New or other types of personal data
  • Changes in the personal data are being used
  • New systems
  • Changes in legislation
  • Acquisitions

It may be useful to use control tools to ensure that you reach 360 °.

If you are a larger organization, GlobalSequr recommends using a data mining tool to ensure that the structures you have built up are also being followed.It may also be advisable to have an outside company to audit so you are sure that you comply with the legislation, and a report should be prepared regularly to management in relation to the status.

With this guide, your company is hopefully prepared better to cope with the General Data Protection Regulation. We are, of course, at your service, if you want to hear more or want a bid on how we can help your business.