Are you GDPR ready?

Since every business is different and the GDPR takes a risk-based approach to data protection, each company should assess its own data collection and storage practices (including the ways it uses HubSpot’s marketing and sales tools) and seek its own legal advice to ensure that its business practices comply with the GDPR.

The Assessment

  • What personal data do we collect/store?
  • Have we obtained it fairly? Do we have the consents we need, and were the data subjects informed of the specific purpose for which we will use their data? Were we clear and unambiguous about that purpose, and were they told of their right to withdraw consent at any time?
  • Are we ensuring we aren’t holding it for any longer than is necessary and keeping it up-to-date?
  • Are we keeping it safe and secure using a level of security appropriate to the risk? For example, will encryption or pseudonymisation be required to protect the personal data we hold? Are we limiting access to ensure it is only being used for its intended purpose?
  • Are we collecting or processing any special categories of personal data, such as ‘Sensitive Personal Data’, children’s data, biometric or genetic data etc. and if so, are we meeting the standards to collect, process and store it?
  • Are we transferring the personal data outside the EU and if so, do we have adequate protections in place?

The GDPR Project Plan

  • Have we put a project plan together to ensure compliance by the 25 May 2018 deadline?
  • Have we secured buy-in at executive level to ensure we have the required resources and budget on hand to move the project forward?
  • Do we require a Data Protection Impact Assessment (DPIA, Art. 35 of the GDPR) for any of our processing activities?
  • Do we need to appoint a Data Protection Officer (DPO, Art. 37 of the GDPR)?
  • Are we implementing a policy of ‘Data Protection by Design and Default’ to ensure we’re systematically considering the potential impact that a project or initiative might have on the privacy of individuals?
  • Have we considered how we handle employee data in our plan?

The Procedures and Controls

  • Is our security team aware of its obligations under the GDPR, and does it have sufficient resources to implement any required changes or new processes?
  • Do we have procedures in place to handle requests from data subjects to access, rectify or erase their personal data? Do these procedures comply with the new rules under the GDPR?
  • Do we have breach notification procedures in place that let us meet our enhanced reporting obligations under the GDPR in time (where notification is required, the supervisory authority must be told within 72 hours of our becoming aware of a personal data breach, and affected data subjects must be informed without undue delay when the breach is likely to result in a high risk to them)?
  • Are our staff trained in all areas of EU data privacy to ensure they handle data in a compliant manner?
  • Do we review and audit the data we hold on a regular basis?

The Documentation

  • Do we have a Privacy Policy in place and if so, do we need to update it to comply with the GDPR?
  • Do we have a defined policy on retention periods for all items of personal data, from customer, prospect and vendor data to employee data? Is it compliant with the GDPR?
  • Are our internal procedures adequately documented?
  • If we’re a data processor, have we updated our contracts with the relevant controllers to ensure they include the mandatory provisions set out in Art. 28 of the GDPR?
  • In cases where our third party vendors are processing personal data on our behalf, have we ensured our contracts with them have been updated to include those same processor requirements under the GDPR?
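Two of the checklist questions above name concrete controls rather than policy: pseudonymising personal data and limiting its use to the intended purpose, and not holding data longer than necessary (with a regular review of what is held). The following is an added example, not code from this checklist or from HubSpot, showing one way to implement both over a small set of CRM-style records. The field names, the 365-day retention rule, the "consent withdrawn means delete" rule and the sample records are all assumptions constructed for the example; the pseudonymisation uses a keyed HMAC so that the secret key is the separately held information needed to link a token back to a person.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Fields treated as direct identifiers (assumed schema). Everything else
# (company, activity dates, consent flags) stays in clear so analytics and
# retention logic still work on the pseudonymised copy.
IDENTIFIER_FIELDS = ("email", "phone", "name")

# Constructed sample CRM records; the people and dates are made up.
SAMPLE_RECORDS = [
    {"email": "Alice@Example.com ", "phone": "+44 1234 567890", "name": "Alice Adams",
     "company": "Acme Ltd", "last_activity": "2018-04-02T09:15:00+00:00",
     "consent_withdrawn": False},
    {"email": "bob@example.org", "phone": "+33 1 23 45 67 89", "name": "Bob Brun",
     "company": "Brun SARL", "last_activity": "2016-11-20T16:40:00+00:00",
     "consent_withdrawn": False},
    {"email": "carol@example.net", "phone": None, "name": "Carol Chen",
     "company": "Chen GmbH", "last_activity": "2018-05-01T08:00:00+00:00",
     "consent_withdrawn": True},
]


def _normalise(value: str) -> bytes:
    # Canonicalise so the same person always maps to the same token
    # ("Alice@Example.com " and "alice@example.com" must match).
    return " ".join(value.split()).lower().encode("utf-8")


def pseudonym(key: bytes, field: str, value: str) -> str:
    """Keyed HMAC-SHA256 token for one identifier.

    A plain SHA-256 of an e-mail address is trivially reversed by hashing a
    list of known addresses; the secret key is the separately held
    information without which the token cannot be linked back to a person.
    The field name is mixed in as domain separation so an e-mail and a name
    that happen to be the same string do not share a token.
    """
    msg = field.encode("utf-8") + b"\x00" + _normalise(value)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def pseudonymise_record(key: bytes, record: dict) -> dict:
    """Return a copy of the record with direct identifiers replaced by tokens."""
    out = dict(record)
    for field in IDENTIFIER_FIELDS:
        if out.get(field):
            out[field] = pseudonym(key, field, out[field])
    return out


def matches_pseudonym(key: bytes, field: str, candidate: str, token: str) -> bool:
    """Check whether a clear-text value corresponds to a stored token.

    This is how a data-subject request ("delete everything you hold on
    bob@example.org") is served against a pseudonymised store without ever
    keeping a reverse mapping. Constant-time comparison avoids leaking token
    bytes through timing.
    """
    return hmac.compare_digest(pseudonym(key, field, candidate), token)


def retention_action(record: dict, now: datetime, retention_days: int) -> str:
    """Decide whether a record may be kept under a fixed retention policy.

    Withdrawn consent means the lawful basis is gone, so the record goes
    regardless of age; otherwise it is deleted once the retention period has
    elapsed since the last activity.
    """
    if record.get("consent_withdrawn"):
        return "delete"
    last = datetime.fromisoformat(record["last_activity"])
    if now - last > timedelta(days=retention_days):
        return "delete"
    return "keep"


def review_records(key: bytes, records: list, now: datetime, retention_days: int):
    """One pass of the periodic review: (kept pseudonymised records, number deleted)."""
    kept, deleted = [], 0
    for rec in records:
        if retention_action(rec, now, retention_days) == "delete":
            deleted += 1
            continue
        kept.append(pseudonymise_record(key, rec))
    return kept, deleted


if __name__ == "__main__":
    # In production the key comes from a secrets manager or HSM and is never
    # stored alongside the pseudonymised records. Hard-coded here only so the
    # example runs offline.
    demo_key = bytes.fromhex("8f3b2c6d1e0a4b7c9d8e7f6a5b4c3d2e1f0a9b8c7d6e5f4a3b2c1d0e9f8a7b6c")
    review_date = datetime(2018, 5, 25, tzinfo=timezone.utc)
    kept, deleted = review_records(demo_key, SAMPLE_RECORDS, review_date, retention_days=365)
    print(f"kept {len(kept)} record(s), deleted {deleted}")
    for rec in kept:
        print(rec)
    # Serving an access request against the pseudonymised store:
    for addr in ("alice@example.com", "bob@example.org"):
        present = any(matches_pseudonym(demo_key, "email", addr, r["email"]) for r in kept)
        print(f"{addr} present: {present}")
```

Run as-is, the review keeps only the first record (recent activity, consent intact) and deletes the other two, one for age and one for withdrawn consent. The kept record's e-mail, phone and name are 64-character HMAC tokens; the same key will reproduce them, so records can still be joined across systems, while anyone holding only the tokens cannot recover or guess the identifiers without the key.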
This checklist was created by samysergam
