Skip to main content

GDPR checklist

Always be prepared to comply with GDPR regulations with this handy checklist. Through a systematic approach to your data and information security, you can ensure that you follow the necessary guidelines and protect your users’ personal information. Get ready to tackle GDPR requirements with this easy and effective checklist.

1. Identify your data

The first step to GDPR compliance is to identify the personal data you collect and store. This includes any personal data from customers, employees, or other individuals. Classify the data by sensitivity level. Ask:

  • What type of data is it?
  • What is the purpose of collecting and storing this data? 
  • How long have I had it?
  • Who has access to it? 
  • Who will it be shared with? 
Identify sensitive data

2. Develop a privacy policy

Next, use what you’ve learned about your data to create a detailed privacy policy that outlines what data you collect and how you will use, store, and protect it.

A simple, clear policy shows customers that you care about their privacy. It also helps satisfy regulations that require you to keep people informed about how their data is handled. Your privacy policy should:

  • Tell people what kinds of data are collected, how, and why
  • Show how data is processed and kept safely
  • Explain users’ rights
  • Be up to date
  • Provide contact information
  • Let people know how they can make a complaint, if needed
GDPR checklist privacy policy

3. Implement technical and procedural data security measures

You should also implement security measures and policies to protect the data you collect. These can include:

  • Strong passwords
  • Pseudonymisation
  • Encryption
  • Virus protection
  • Building security
  • Device security
  • DPIAs (Data Protection Impact Assessments)
  • Policies for data deletion and disposal of paperwork
  • Other policies to prevent unauthorized access to the data
  • Regular updates to your systems and databases

Get ShareSimple FREE for one user today!

4. Train Employees

Now, train your employees to follow your policies and use the technical security solutions you’ve chosen correctly. Make sure everyone understands the importance of data security and privacy. Make training sessions regular and brief. Include the following topics in your awareness training:

  1. Password selection and management
  2. Recognizing personal data
  3. Phishing variations and how to spot them
  4. Understanding Privacy Rights
  5. GDPR principles and compliance
  6. Caring for sensitive data
  7. How to practice data minimization
  8. Email security mistakes
  9. Using shared wifi and VPNs
  10. Software updates and security
  11. Keeping work devices safe
  12. Remote workplace security
  13. Reporting mistakes, breaches and leaks
GDPR training

5. Monitor compliance

Finally, you should regularly monitor your compliance with GDPR to make sure you (and everyone on your team) are putting your policies into practice. You should also stay up to date on any changes to regulations that affect your company, then ensure your processes continue to be in line with new requirements.

Is this GDPR compliance checklist complete?

The fact is, there is no such thing as a perfect, foolproof GDPR checklist. All businesses and their data collection activities are different. Further, the GDPR itself deliberately uses ambiguous and open-ended language, for several reasons:

  1. Personal data has a broad definition.
  2. The types of personal data companies collect will vary.
  3. The roles and responsibilities of your company as a data controller may change.
  4.  Appropriate security measures and technology can change.
  5. New security threats may emerge.

This ambiguity in regulations and the constantly evolving world we work in both make it impossible to create a GDPR checklist that can guarantee perfect compliance.

However, that is not an excuse to sit back, do nothing, and just hope for the best. Take action. Start with the steps above. Going through them carefully will certainly put you ahead of the game and on the right track for compliance.

Do you need more help to comply with GDPR?

In Safe Online, we create SaaS solutions that make it easier to comply with GDPR. See our solutions here:

DataMapper - find your sensitive data
ShareSimple - send and recieve data securely in Outlook
RequestManager - process data subject requests easily

Sebastian Allerelli

Governance, Risk & Compliance Specialist
Follow me on LinkedIn to get tips on GDPR →