Below is a basic GDPR checklist to help determine your compliance with major GDPR points. It may not cover very specific topics related to your company.

  • Know what data is collected
  • Know which tools, software, and companies process the collected data
  • Have a data life cycle plan
    • Know how to store data
    • Know when to delete data
  • Provide customers with clear contact information to discuss company data and privacy policies
  • Explain to customers when, how, and why data is collected and processed
  • Have opt-in and opt-out processes in place
    • Explain what it means to opt in or opt out
    • Have a way to record when a customer opts in
    • Make it as easy to opt out as it is to opt in
  • If the customer requests it, have a process in place to:
    • Provide the customer with their personal data
    • Transfer the customer’s data to another system
    • Restrict the processing of data for a given period of time
    • Correct the customer’s data
    • Delete all data concerning a customer
    • Stop profiling the customer’s data
    • Stop processing the customer’s data
  • Know who to contact and what to do in case of a data breach