This guide aims to demystify the myths and scare stories that are circulating regarding the impending arrival of GDPR. Practical guidance is supplied in relation to implementing a simple compliance plan. It discusses the Regulation, required business process changes and the IT systems necessary to achieve ongoing compliance. The author is widely experienced in the three crucial areas that GDPR affects: Business Management, Information Technology and Data Protection legislation.Currently acting as a Data Protection Officer to a number of different clients, implementing a range of GDPR compliance programmes, the author has previously published in both law and Information Technology, holds an MBA in lean business process management and is a long standing Microsoft Certified Engineer.This guide is aimed at providing managers in UK SMEs with the necessary information required to make the required changes in IT, business process and data management, to achieve GDPR compliance. Further, it should help managers who are faced with consultants and salespersons that are trying to sell them GDPR related products or services, to understand what is being offered.