GDPR Checklist

Complying with the GDPR (General Data Protection Regulation), which was came into effect on 25th May 2018, is compulsory for any company which operates in Europe. The new regulation addresses the treatment of personal data and its free circulation.

Checklist GDPR

  1. Update legal documents and carry out internal audits
    This will determine the needs of the company in order to adjust to GDPR.
  2. Request the certificate or permission to be able to process data
    If the current consent does not comply with the new regulations it will have to be requested again.
  3. Organize an information audit
    Explain to clients why their data is stored and update the data of employees.
  4. Develop a guidance document for the work team
    Employees must know what GDPR is and how it can affect the company, so they can carry out the necessary procedures.
  5. Have a data elimination system
    The company will have to arrange an efficient and effective system to erase the data requested or not necessary anymore.
  6. Prepare a crisis management strategy
    You will have to establish a crisis management strategy for if its application is ever necessary.
  7. Report the compliance
    Once the different channels (web page, social networks and various mediums) updated, the company needs to report its compliance with the regulation.
  8. Ask for permission
    Users interested in being part of the company´s database will have to accept the terms and conditions requested of them through the different channels.
  9. Pay attention to minors under 16 years old
    The minors under 16 years old will need permission from their parents or tutors.
  10. Assign the figure of the Data Protections Officer (DPO)
    The EU recommends the inclusion of the figure of the Data Protection Officer to ensure that what is established in GDPR is respected and complied with. It can be a question of having an external professional or an employee who assumes said functions.

For further information regarding the compliance with GDPR, you can access to the AEPD web page or,

Please note that this article is not intended to provide legal advice.

Related Articles