The Dutch Data Protection Authority recently examined the internal records of 30 companies to check their compliance with the GDPR. The companies were selected at random and are active in various sectors, including construction, hotel, financial services and more. Stéphanie De Smedt, Florence d’Ath and Joanne Zaaijer of Loyens & Loeff discuss how, more than two years after the adoption of the GDPR and almost two months after its effective application date, it is now really time for companies to be able to show that they have done their homework, starting with a proper data flow mapping exercise and internal records.