GDPR Compliance Checklist Step-by-Step
GDPR compliance checklist: a step-by-step roadmap with the main milestones to make your SME or startup GDPR compliant.
STEP 1 – AWARENESS
Employees should be ‘in the know’. It is important that every member of an organisation understands how their role is…
What does a compliant company look like?
Download documents: GDPR presentation, List confirmation, Training policy
– A company that is GDPR compliant regularly trains all its staff.
– Appoint the persons responsible: it is important to identify who, within your organisation, is responsible for privacy compliance and who else is involved.
Data Protection Officer
Download documents: GDPR interactive law, Data Protection Authority, DPO job description
The DPO is a position that the vast majority of companies will not need, as they are either too small or do not carry out enough processing or profiling to require one. However, any organisation may appoint a DPO voluntarily.
STEP 2 – PREPARATION
Download documents: Data inventory map
To be able to act in accordance with the GDPR, you must first inventory the personal data processing operations within your organisation. You should know which data is used, by whom and for what purposes.
Security Policy Templates
Download documents: Data Protection Policy Template, Data privacy policy template, Data privacy policy specific for websites, Privacy notice, Privacy by Design and Privacy by Default
Under the GDPR you must take “appropriate technical and organisational measures” to secure personal data. What is appropriate depends on the processing risk.
Stakeholders’ and consumers’ awareness
Download documents: Readiness letter, Readiness proof list, GDPR Data Subject Access Request Policy, Data Subject Access Request (form)
Update your registration flow to obtain lawful consent and check your processors and data processing agreements.
Furthermore, data subjects are entitled to withdraw their consent at any time. Withdrawing consent must be as simple as giving it, and data subjects must be informed of this right before they give their consent. Otherwise the consent is invalid.
STEP 3 – IMPLEMENTATION
Download documents: Consumer’s rights under the GDPR, Data subject consent withdrawal form, GDPR roles and responsibilities, DPIA long version template
The GDPR gives particular attention to the rights of data subjects: implement tools to respect the new rights of data subjects. A DPIA is an instrument that allows you to inventory and assess the privacy risks of a data processing operation before that operation is carried out, so that measures can be taken to reduce those risks.
When is there a need for a DPIA?
Download documents: DPIA guide, DPIA short version, DPIA long version
A DPIA is mandatory for (envisaged) data processing operations which, given their nature, context and objective, represent a high risk to privacy.
Data breach
Download documents: Data breach policy, Data breach register, Data breach report
Under the GDPR you may be obliged to report a data breach to the competent authority and/or to the data subjects. A data breach refers to any unintended access to, destruction, alteration or release of personal data. Data breach therefore covers not only the release (breach) of data, but also unlawful processing of data and unintentional destruction.