How can we ensure that our IT systems are GDPR-compliant?

Compliance with the General Data Protection Regulation (GDPR) requires technical and organizational measures such as access controls, encryption, and regular staff training. In addition, data processing procedures should be documented and data protection impact assessments carried out.