GDPR Checklist 1

This document outlines a checklist for companies to ensure compliance with the General Data Protection Regulation (GDPR) before the May 25, 2018 deadline. It covers key areas such as data auditing, project planning, team procedures, and documentation requirements to avoid significant fines for non-compliance. The document emphasizes the importance of understanding data handling practices and implementing necessary changes to align with GDPR standards.

Uploaded by

copot56053

GDPR CHECKLIST

GDPR
With the General Data Protection Regulation (GDPR) edging closer and closer, it’s imperative that your company abides by the new law. Why? Well, non-compliance could cost your company fines of up to €20 million or 4% of your company’s global turnover (whichever is higher).

The GDPR will replace the existing Data Protection Act of 1998 - an outdated law that does not have the capacity to provide governance for the world today. After all, in 1998 the internet was still in its infancy and many of the dilemmas associated with personal data simply weren’t an issue.

To ensure you’re on the right path, we’ve put together a handy checklist to enable you to meet all necessary criteria that your business should implement by the set deadline of May 25, 2018.

DATA AUDITING AND ANALYSIS
To begin, make a detailed and comprehensive list of the data you currently hold and make a note of the following criteria:

Do you know the origins of all your data?

Do you know how all of your data has been processed?

Do you hold or process any data that can be classified as “sensitive personal data”? If so, are you meeting the standards outlined within the GDPR to collect, process and store it?

Is all the data kept on file secured using a level of security that is appropriate for the associated risk? For example, if you hold sensitive personal data, has this data been encrypted or undergone pseudonymisation?

Are you transferring any personal data outside of the EU? If so, do you have adequate protections in place?

PROJECT PLANNING
It is imperative that resource and budget have been allocated to ensure a project plan can be implemented before the May deadline. Make sure your company has considered the following:

Do you have a plan in place to ensure compliance by the May 2018 deadline?

Has there been executive-level buy-in to ensure required resources and budget are on hand to move the project forward?

Do you require a Data Privacy Impact Assessment? This may be necessary if you hold data that is deemed as ‘high-risk’ to an individual’s interests.

Do you need to hire a Data Privacy Officer? This is mandatory if you are a public authority.

Have you implemented a policy of ‘Data Protection by Design and Default’ to ensure you’re systematically considering the potential impact that a project or initiative might have on the privacy of individuals?

Have you considered how to handle employee data in your plan?


TEAM PROCEDURES
Making sure your team is trained and able to respond in an effective and timely manner to all requests will be essential once the GDPR comes into effect. Consider the following:

If contacted by a data subject, do you have procedures in place to respond to their requests and modify, delete or access their personal data if required? Do these procedures comply with the new rules under the GDPR?

Do you have a designated security team? If so, have they been informed about their obligations under the GDPR and do they have sufficient resources to implement any required changes or new processes?

In case of a data breach, are there security notification procedures in place to ensure enhanced reporting obligations are met to a satisfactory standard in a timely manner?

Are your staff trained in all areas of EU data privacy to ensure they handle data in a compliant manner? Staff should be familiar with the terms and associated processes outlined in this glossary if they are handling personal data.

Are there processes in place to ensure the data you hold is being reviewed and audited on a regular basis?

UNDERSTANDING YOUR DOCUMENTATION
All current documentation in relation to personal data should be reviewed and audited to ensure that it is in adherence with the GDPR. Consider the following:

Do you have an existing Privacy Policy in place? If so, does it need to be updated to comply with the GDPR? This states that “...the information you provide to people about how you process their personal data must be: Concise, transparent, intelligible and easily accessible; written in clear and plain language, particularly if addressed to a child; and be free of charge.”

Do you have a defined policy on retention periods for all items of personal data, from customer, prospect and vendor data to employee data? Is it compliant with the GDPR?

Are your internal procedures adequately documented?

If you’re a data processor, have you updated your contracts with the relevant controllers to ensure they include the mandatory provisions set out in Art. 28 of the GDPR?

In instances where third-party vendors are processing personal data on your behalf, have you ensured your contracts with them have been updated to include the processor requirements highlighted above?

ABOUT US
We are Digital Media Stream, a Digital Marketing Agency providing a full service solution set helping companies continually attract and engage their customers and prospects online.

Our services range from development and design, content creation, inbound marketing, training and consultancy, social media management and social media advertising.

We create marketing campaigns our customers love!

Contact Simon to find out how your company could benefit more from Inbound Marketing.

Simon Leeming - Co-Founder

WE’RE ALWAYS HAPPY TO CHAT ABOUT WHAT WE DO, WHY, AND HOW.

GET IN TOUCH WITH US AND START THE CONVERSATION. WE’D LOVE TO HEAR FROM YOU.

contact@digitalmediastream.co.uk
