web analytics

GDPR Data Checklist and Information

GDPR Data Checklist

Below is a GDPR data checklist followed by links to other sites and articles about GDPR data.  We’ve tried to take the jargon out of GDPR data requirements and added notes to make things clearer.
  Notes
GDPR Information Audit  
  • What personal data is being held?
  • Where did it come from?
  • Who is it being shared with?
You should document what personal data you hold, where you hold it, where it came from and who you share it with.
GDPR Communicate Privacy Information  
  • Privacy notices reviewed?
  • Plan in place for making any necessary changes in time for GDPR implementation?
You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
GDPR Individual Rights  
  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • The right not to be subject to automated decision-making including profiling
You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
GDPR Subject Access Requests  
  • Process/Procedures in place to handle requests within the new time frames (30 days)?
You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.
GDPR Lawful Basis For Processing Personal Data  
  • Lawful basis for processing personal information identified & documented?
  • Privacy notices updated to explain this?
You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.
GDPR Consent  
  • Review how you seek, record and manage consent
  • Refresh existing consent if it does not meet GDPR standards
You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.
GDPR Data Breaches  
  • Procedures in place to detect, report &
    investigate data breaches?
You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
GDPR Data Protection Officer (DPO)  
  • Are you formally required to designate a DPO?
  • You have someone designated to take responsibility for data protection compliance?
Although not usually necessary for smaller business, it is still recommended that you should designate someone to take responsibility for data protection compliance and requests.
GDPR International  
  • Does your organisation operate in more than one EU member state (cross border processing)?
  • Determine your lead data protection supervisory authority
If your organisation operates in more than one EU member state (ie you carry out cross-border processing), you should determine your lead data protection supervisory authority. Article 29 Working Party Guidelines will help.
Share This