Adapting to GDPR can be a rather complex task: is a substantial Regulation composed of 99 articles and 173 recitals. I thought useful, at least for me, to elaborate a reasoned summary, which directs the mental process to see if and how to adjust business procedures to achieve compliance.
As with all summaries, of course, details can be lost and there may/must be a compromise between completeness, accuracy, and simplicity.
To realize it, I choose a decision tree model, made with two points of view both thought for an EU resident:
Data Controller (cf. attachment 1)Data-CONTROLLER-decision-tree-model
Data Processor (cf. attachment 2)Data-PROCESSOR-decision-tree-model
I suggest readers to give suggestion, especially on what I presented about the Data Processor: the GDPR is (properly) focused on the Data Controller, while the Data Processor is merely described on his relations with the Data Controller; therefore, it was impossible to determine immediately a thinking scheme