(1) it’s a good thing, and mainly just firms up what you should already be doing, by ensuring there’s process, documentation, auditability.
(2) Don’t be scared, especially when consultancies try to make you scared of fines etc to hire them
...
...
(5) personal data is any data record from which a person can be identified
(6) there are multiple options for the lawful basis, and consent is last resort
...
(8) so for example, in many situations the contractual or legitimate interests bases would apply first - you need certain data to fulfil contractual agreements, or what is expected of you
...
...
...
...
...
...
(16) create a list of the work to be done to address any concerns. Stack-rank prioritise this. Document this.
(17) work down the list, steadily and thoroughly rather than rushing
...
A) DON’T PANIC!
B) I love deadlines, especially the swooshing noise they make as they go past