GDPR Checklist – Step One

Stringent EU privacy legislation, the General Data Protection Regulation (GDPR), has been in effect since 25 May 2018.

Organisations around the world, including those outside of the EU, are required to become compliant with this new law.

This checklist can help you assess your organisation’s compliance with EU privacy laws and identify areas where your business may be at risk.

Based on your answers, you will receive a report including:

1. your current level of compliance; and
2. a plan to address any non-compliance risks.

1. Baseline measurement

Has your organisation previously carried out a baseline assessment for compliance with EU privacy law?

2. Embedding privacy in your organisation

Has your organisation embedded the careful handling of personal data in its day-to-day business?

3. Data Protection Officer (DPO)

Has your organisation appointed a Data Protection Officer (DPO) in an independent oversight role?

4. Data processing registers

Do you keep a data processing register that meets the requirements of EU privacy laws?

5. Perform risk analysis

Has your organisation carried out risk assessments for high-risk processing and processing that can lead to people being denied access to a service or product?

6. Drafting policies

Have you created an internal privacy policy that applies to all of your employees and suppliers?

7. Setting up privacy statements

Do you have a privacy statement that complies with the information requirements of EU privacy law?

8. Information security measures

Have you implemented appropriate information security measures?

9. Data breach protocol

Does your organisation have a data breach protocol?

10. Employee training

Are the policy documents and protocols drawn up by your organisation known to the employees?

11. Third party processing agreements

Does your organisation have agreements in place for third party data processing?

12. Data subject requests

Is your organisation prepared to comply with data subject requests?
