DNVGL.fi

10 Step Checklist for complying with GDPR


Are you prepared for the GDPR to come into effect?

The General Data Protection Regulation (GDPR) comes into force from 25 May 2018. So that you can prepare, check out our top tips for compliance and see if you can tick them all off.

Step 1: Know what you’ve got to do

Make sure that decision-makers and key staff know about GDPR and understand its implications. 

Step 2: Know how to check if there’s a breach 
Organisations with ISO/IEC 27001 will already have these procedures, but otherwise check your means of detecting, investigating and reporting personal data security breaches.


Step 3: Check your privacy policy 
Review and update the organisation’s data privacy policy to align it with GDPR.   

Step 4: Stay on the right side of rights 
Check your procedures to make sure they uphold the rights of the individuals whose data you hold, e.g. the right of access to their data, the right to have their data deleted, etc.


Step 5: Make sure you respond in time 
Check and, if necessary, update procedures so you can turn data requests around within the new one-month requirement.

Step 6: Demonstrate you’re compliant

Identify the lawful basis of your processing activity, document it and update your privacy notice accordingly.    


Step 7: Manage consent correctly 
Check how you ask for, record and manage consent to use personal data, and update existing consents.    


Step 8: Know what data you’ve got 
Review and document all the personal information held, including its source (how you got it) and who it’s shared with.


Step 9: Confirm who’s in charge 
Designate or confirm who’s responsible for data protection compliance and make sure they have the authority to be effective.    


Step 10: Understand the international context 
If you do cross-border data processing in more than one EU state, decide which is your lead data privacy supervisory authority, based on where you make your most significant data processing decisions.