GDPR checklist: 6 things I need to do

The General Data Protection Regulation (GDPR) is a EU-wide regulation that controls how companies and other organizations handle personal data.

Published on
December 12, 2018

A cookie is information saved by your web browser. When you visit a website, the site may place a cookie on your web browser so it can recognize your device in the future. If you return to that site later on, it can read that cookie to remember you from your last visit and keep track of you over time.

1. Prepare your organization:

Introduce stakeholders across your organization to the requirements of GDPR. Conduct employee training in Cyber Security, Privacy by Design and Privacy by Default principles. Assign a Data Protection Officer (DPO) if required, i.e. if you employ more than 250 people.

2. Audit your data:

Make sure you know where all your data lives, who has access and on what devices. Identify where personal data is processed, including by third party processors. Document the grounds for lawful processing and update current privacy policies.

3. Audit service partners:

Make sure that service partners, i.e. embedded third party services on your website or Software-as-a-Service providers, are also compliant with GDPR, or under an officially sanctioned data jurisdiction. Review and map their international data flows.

4. Obtain consent:

Implement methods for seeking, obtaining and recording consent to ensure compliance. Keep a clear record of what each individual data subject consented to and provide options for the data subject to revoke or change a consent.

5. Respond to data rights:

Implement procedures that enables your organization to respond to data subject rights, i.e. data access, rectification and erasure. Document how they will be exercised in both customer and employee contexts.

6. Prepare for data breaches:

Ensure that there are procedures in place to detect, investigate and report on personal data breaches to meet the GDPR's 72 hour-deadline for notification.