Prepare yourself for the requirements of general data protection regulations (GDPR) and internal guidelines. Identify potentially sensitive and sensible data in your systems once or regularly after a data model change. For the analysis, make use of well-defined data model descriptions such as the SAP Data Dictionary (DDIC) for SAP environments or other documented data models for other application environments, as well as statistical methods for ad hoc data model analysis. Document the results in a report, and prepare next steps for eg. GDPR relevant measures on this basis.