Of course, you can give your lawyer the most important things to check, but the GDPR is not just an issue that the lawyer can handle alone. On the one hand, the expert lawyers are currently very busy, which can lead to delays. On the other hand, you may receive recommendations that are not compatible with your company's practices or that go further than necessary. The GDPR issue must also be implemented throughout the entire company. This starts with the fact that no customer data may be left lying around in the open or personal data may be sent unencrypted by email. Your lawyer cannot do this for you.
3. My processors take care of the issue
10 Points GDPR Checklist - My processors take care of the issueIf lebanon phone number data your processor is located in Germany or at least in the EU, you should be able to get away with this statement in good conscience. But what if it is not in the EU? That's where things get more complicated. A company based in Turkey, for example, will have relatively little interest in EU law and even if you are accommodated here, it is doubtful whether there is sufficient legal security. Another uncertainty factor is Great Britain, which is still an EU country. If Brexit does happen, it is questionable whether the British will adopt the GDPR for themselves. And of course there is the USA, whose CLOUD Act creates great potential for conflict with the GDPR. Incidentally, in this case you are not only affected if you use a US processor, this also applies to their foreign subsidiaries.
You can find out more about the CLOUD Act here .