The GDPR aims to improve the protection and management of users' personal data. On the user side, private "more positive" legislation has not appeared for a long time. However, from the point of view of those who process the data, the situation is not so great. To do this properly, each organization needs to identify and document the locations where personal data is stored in existing databases and apply the GDPR. In cases where the system is in the early stages of development, identifying business processes that are subject to GDPR rules can help.