GDPR Compliance Checklist: Complete by May 25, 2018

  • Required by GDPR

  • Update your Terms of Service and Privacy Policy to include all updates, what data is being processed and why.

  • Email and alert your entire email list about all updates and changes to Terms of Service and Privacy Policy.

  • Implement a data processing consent form that is clearly written. This should not be hidden or buried in the terms or privacy policy form.

  • Implement a clear form or process for a subject to opt-in or opt-out of having their data processed.

  • Upon request, implement a process to delete a subject's personal data.

  • Implement a process to immediately delete a subject's data when the data has no further use.

  • Upon request, be able to provide the subject's data in a "commonly used and machine readable format".

  • Upon request, be able to provide a subject's data to a 3rd party.

  • Implement a process to ask for parental consent when processing the data of a subject who is 16 years old or younger.

  • Appoint a Data Protection Officer (DPO) if your company is: "(a) public authorities, (b) organizations that engage in large scale systematic monitoring, or (c) organizations that engage in large scale processing of sensitive personal data."

  • Have a plan to alert the Data Protection Agency (DPA), and all affected individuals, within 72 hours of a data breach.

  • Recommended, but not required by GDPR

  • Review and adhere to the Official GDPR Website: 

  • Designate an appropriate person to bring your company into GDPR compliance.

  • Add a double opt-in email sign up (recommended, but not required by GDPR).

  • Anonymize your Google Analytics account. 

  • Notify and train all employees to be aware of and adhere to the GDPR.

  • Add an unchecked consent box to all sign up forms. 

  • Post a blog article about all GDPR updates your company is implementing.

This checklist was created by listladder
