GDPR Your 11 Point Checklist
Ensure that key personnel within your organisation are aware of the GDPR, what it means for the organisation. Time to review your risk management processes and identify any challenges that arise.
One of the principles of GDPR is accountability. As an organisation you must be clear on the personal data that you hold. You must be clear on, why you hold it, Do you still need it? How long have we had it? How safe is the data? GDPR is about making the organisation accountable for the personal data that they hold.
3. Data Privacy Notices
Data privacy notices must be reviewed and ensure that they are fit for purpose and GDPR compliant. You MUST tell individuals how you intend to use their data.
4. Privacy Rights of Individuals & SARs (Subject Access Requests)
Your policies and procedures need to cover ALL of the rights that individuals are now entitled to. This must include, deletion, portability, corrections, the right to be forgotten. You must also have a procedure to allow a Subject Access Request (SAR). Under GDPR any individual can ask to have access to their data, they can check it, port it, ask for it be deleted. You must be able to access this data easily and work within the 1 month time scale.
5. What is the legal basis for processing?
What is your legal basis for processing, are you relying on consent?
For some companies this will be a huge issue! How is your database, can you say that it is 100% compliant for GDPR? Can you honestly that each and every one of the contacts on your database agreed to be there, if that is the case then congratulations, however if you are one of the many that doesn’t have a 100% opted in database then now is the time to look closely at how you obtain and record consent. Look at it as an opportunity to reconnect!
7. DPIA (Data Privacy Impact Assessment)
GDPR puts privacy at the heart of data protection regulations. Data privacy, ‘privacy be design’ needs to be your first thought when embarking on a new project.
8. DPO (Data Protection Officer)
Do you have one? Do you need one? Do you have someone in house who can act as your DPO? If so do they need assistance? Or is it a function that would be happy to outsource?
9. Data Breach
The unthinkable has happened and a data breach has happened. Do you have the processes and procedures in place to detect, investigate and report to authorities and the individuals concerned within the new 72 hour window?
10. Data belonging to Children
Do you process data from children? If so you must have the proper mechanisms and processes in place to be able to verify age and gather parental consent.
11. International Organisations
Does your organisation operate in more than one country? If so you need to decide where your data ‘capital’ is, this will help you identify where your main data establishment is located, this will allow you to identify your lead supervisory authority (LSA).
- Privacy policies for Children
- Safe Harbor Certification
- The Importance of Safe Harbor Certification
- Privacy Breach
- NHS care.data delayed - updated
- CASL - Canadian Anti Spam Legislation
- Changes to Safe Harbor certification
- Facebook Instant Personalization
- Safe Harbor vs Binding Corporate Rules
- Safe Harbor 2.0
- GDPR - General Data Protection Regulation
- Difference between GDPR and ePrivacy regulation
- What are Standard Contractual Clauses?
- Privacy Shield Vs Standard Contractual Clauses
- Data Protection for the Social Housing Sector
- Does Working from Home Affect Data Protection?
- How Can I demonstrate that My Organisation is GDPR Compliant?
- To BREXIT and Beyond!
- GDPR - The Data Audit
- Preparing for GDPR
- Marketing and GDPR
- GDPR & International Organisations
- Processing Data Belonging to Children
- The Data Breach
- The Data Protection Officer
- DPIA - Data Protection Impact Assessment
- The Legal Basis for Processing
- GDPR is not just about DATA . . . its about PEOPLE and REPUTATION
- Privacy Rights of Individuals under GDPR
- Data Privacy Notice - Communicating with individuals
- GDPR Your 11 Point Checklist
- Data Protection & GDPR
- For The B2B Marketer What Does GDPR Mean?
- The Marketing Database and GDPR
- GDPR – General Data Protection Regulation
- Flexible Working - Mums the word
- Bullying In The Workplace
- Marketing Automation – Making Customer Touch Points Productive and Value for Money
- Using Marketing Automation to Increase CRM and Operational Efficiency
- Do Women Undersell Themselves in the Workplace?
- Outsource your Data Protection Officer (DPO)