GDPR Compliance Checklist: Complete by May 25, 2018
Required by GDPR
- Update your Terms of Service and Privacy Policy so they state what personal data you process, why, and on what legal basis, and reflect every change you make for GDPR.
- Email everyone on your mailing list, and otherwise alert affected users, about the changes to your Terms of Service and Privacy Policy.
- Implement a consent request for data processing that is written in clear, plain language and presented on its own; it must not be hidden or buried inside the Terms of Service or Privacy Policy.
- Implement a clear form or process for a data subject to opt in to, and later opt out of, having their data processed; withdrawing consent must be as easy as giving it.
- Implement a process to delete a data subject's personal data upon request (the right to erasure).
- Implement a retention process that deletes personal data once it is no longer needed for the purpose it was collected for.
- Upon request, be able to provide a data subject's personal data in a "structured, commonly used and machine-readable format" (the right to data portability).
- Upon request, be able to transmit a data subject's personal data directly to a third party they designate, where technically feasible.
- Implement a process to obtain verifiable parental consent before processing the personal data of a child under 16 (member states may lower this threshold, but not below 13).
- Appoint a Data Protection Officer (DPO) if your organization is (a) a public authority or body, (b) engaged as a core activity in large-scale, regular and systematic monitoring of individuals, or (c) engaged as a core activity in large-scale processing of special categories of personal data (such as health, biometric or criminal-conviction data).
- Have a breach response plan that notifies your supervisory Data Protection Authority (DPA) within 72 hours of becoming aware of a personal data breach, and notifies the affected individuals without undue delay when the breach is likely to put them at high risk. The 72-hour deadline applies to the authority notification, not to the individuals; both notifications should describe the breach, its likely consequences and the measures taken.
Recommended, but not required by GDPR
- Review the GDPR reference material at https://www.eugdpr.org and adhere to it.
- Designate a person responsible for bringing your company into GDPR compliance.
- Add a double opt-in email sign-up; the confirmation step also gives you a record you can use to demonstrate that consent was given.
- Enable IP anonymization in Google Analytics and review which identifiers it collects about your visitors.
- Notify and train all employees so that they are aware of, and adhere to, the GDPR.
- Add a consent checkbox to all sign-up forms that is unchecked by default; a pre-ticked box does not count as consent under the GDPR.
- Post a blog article about all GDPR updates your company is implementing.