Assessing your business

  • What personal data do you collect?
  • When personal data is collected do you explain why it’s captured and what you do with it?
  • Are individuals given the option to refuse marketing or withdraw consent?
  • Do you ensure that you don’t use pre-ticket boxes or implied consent by default?
  • Where is your data stored (electronic and physical) and does it leave the EU?
  • How have you obtained that personal data? Do you have a lawful basis for processing it?

    Click here for more on the GDPR and processing personal data

  • How long do you store the data? Is it longer than strictly necessary, e.g. invoices for stored for 6 years for accounting purposes before they are deleted.
  • Do you collect and store any sensitive personal data, children’s data, genetic information or credit card details? Do you have the security in place to collect, process and store it?


  • Are you able to handle requests for data to be modified or deleted? Is there a policy in place?
  • Are your staff trained in all the relevant areas regarding the GDPR?
  • Do you review the data you hold on a regular basis?
  • Do you have a data protection officer in place?
  • Do you have a plan in place in case of a data breach?


  • Do you have a privacy policy? Does it need updating?
  • Do you have procedures in place to specify how we handle personal data?
  • Are your contracts with third party vendors up to date?
  • Do you have an up to date cookie policy and gather the relevant consent?

Can't answer all of the above?

Get in touch
Contact Get in touch