The Ultimate GDPR Checklist
There are only six months to go until the May 25 compliance deadline for GDPR, the General Data Protection Regulation, the EU's comprehensive data protection measure. To help you get the ball rolling, we have produced a quick start guide to get you thinking about your GDPR strategy and what you need to do to ensure you are ready before May 25.
• Appoint a Data Protection Officer (DPO). Determine whether your organisation requires a DPO. Even if you don't need one, it's a good idea to make one person or team responsible for data governance, to help ensure you stay ahead of any changes to your responsibilities.
• Understand and inform. Ensure you and all members of your organisation understand the new rules and regulations that fall under GDPR, and that everyone understands their roles and responsibilities.
• Analyse your data. Review the data you hold: which data is considered personal or sensitive data, where that data is located, what you do with the data, who has access to the data, and so on. Build a data inventory within a single data management system so you can easily understand your data estate.
• Procedures and processes. Evaluate your current privacy policies and identify areas where they may need to be updated. Complete a privacy audit, either with internal resources or through an external provider.
• Data access rights. Identify your current policies for data access rights and document how changes should be handled. Ensure that all data processing activities have a clear legal basis for processing.
• Data subject consent. Review current processes for seeking, obtaining and recording consent. Ensure that, where appropriate, you have consent from data subjects for processing activities, and check whether that consent is still valid under the GDPR.
• Children's data. If applicable, implement new practices for age verification and guardian consent when processing children's data. Ensure that children's data is processed with the highest level of security, in accordance with the GDPR.
• Data breaches. Implement a procedure for your organisation to detect, investigate, handle and report data breaches. Conduct data breach tests internally to stress-test whether your procedures are adequate for GDPR.
• Impact assessment. Familiarise yourself with the ICO's guidance on Privacy Impact Assessments and implement best practices within your organisation. Ensure that your GDPR policies are enterprise-wide and take into account all business activities.
• Be prepared. Preparation is key for GDPR; don't wait until May 25! Start planning and implementing your strategy now.
Jennifer Jones is a marketing coordinator at Connexica.