A checklist for GDPR

Always be prepared to comply with GDPR regulations with this handy checklist. Through a systematic approach to your data and information security, you can ensure that you follow the necessary guidelines and protect your users’ personal information. Get ready to tackle GDPR requirements with this easy and effective checklist.

1. Get to know the rules
2. Appoint a data controller
3. Implement technical data security measures
4. Develop a privacy policy
5. Identify your data
6. Ensure processing of personal data
7. Provide documentation
8. Monitor compliance

The basis for complying with the GDPR is to understand the legislation that applies to one. In Denmark, the Personal Data Act defines the specific guidelines for processing personal data, while the GDPR constitutes the European data protection regulation that companies in Europe must comply with. For companies operating globally, there are additional regulations to consider, such as the CCPA and UK-GDPR. Companies must have a clear understanding of the relevant legislation, e.g. GDPR. This involves identifying how the law applies to their specific activities and what obligations it imposes.

A Data Protection Officer (DPO) acts as an internal representative for data protection and is tasked with ensuring that the company complies with the requirements of the Personal Data Regulation. The person is involved in all aspects of data protection and acts as the company’s contact person for the Norwegian Data Protection Authority.

Very specific rules apply to when a company must appoint a data protection officer. Read more about it here.

You should also implement security measures and policies to protect the data you collect. These can include:

• Strong passwords
• Pseudonymisation
• Encryption
• Virus protection
• Building security
• Device security
• DPIAs (Data Protection Impact Assessments)
• Policies for data deletion and disposal of paperwork
• Other policies to prevent unauthorised access to the data
• Regular updates to your systems and databases

Read more about setting up security measures here.

Next, use what you’ve learned about your data to create a detailed privacy policy that outlines what data you collect and how you will use, store, and protect it.

A simple, clear policy shows customers that you care about their privacy. It also helps satisfy regulations that require you to keep people informed about how their data is handled. Your privacy policy should:

The first step to GDPR compliance is to identify the personal data you collect and store. This includes any personal data from customers, employees, or other individuals. Classify the data by sensitivity level. Ask:

• What type of data is it?
• What is the purpose of collecting and storing this data? 
• How long have I had it?
• Who has access to it? 
• Who will it be shared with? 

Read more about how to find your sensitive data here.

In order to comply with the GDPR, it is essential to process personal data properly. By doing this, you as a company not only protect the rights of the individual, but also maintain the trust and credibility of your customers, business partners and the outside world. Read more about responsible processing of personal data.

Keep documentation that shows the company is actively working to be compliant. This may include policies, training records and results of completed audits.

Finally, you should regularly monitor your compliance with GDPR to make sure you (and everyone on your team) are putting your policies into practice. You should also stay up to date on any changes to regulations that affect your company, then ensure your processes continue to be in line with new requirements.