GDPR Checklist

Assessing your business

• What personal data do you collect?
• When personal data is collected do you explain why it’s captured and what you do with it?
• Are individuals given the option to refuse marketing or withdraw consent?
• Do you ensure that you don’t use pre-ticket boxes or implied consent by default?
• Where is your data stored (electronic and physical) and does it leave the EU?
• How have you obtained that personal data? Do you have a lawful basis for processing it?
  

  Click here for more on the GDPR and processing personal data

• How long do you store the data? Is it longer than strictly necessary, e.g. invoices for stored for 6 years for accounting purposes before they are deleted.
• Do you collect and store any sensitive personal data, children’s data, genetic information or credit card details? Do you have the security in place to collect, process and store it?

Procedures

• Are you able to handle requests for data to be modified or deleted? Is there a policy in place?
• Are your staff trained in all the relevant areas regarding the GDPR?
• Do you review the data you hold on a regular basis?
• Do you have a data protection officer in place?
• Do you have a plan in place in case of a data breach?

Documentation

• Do you have a privacy policy? Does it need updating?
• Do you have procedures in place to specify how we handle personal data?
• Are your contracts with third party vendors up to date?
• Do you have an up to date cookie policy and gather the relevant consent?