Watch this video on YouTube
An organization is required to comply with updates to an existing data protection regulation. Which of the following should the risk practitioner recommend be done FIRST?