GDPR Preparation Checklist

1. Audit time 

Do an internal audit to determine what data you have, how you use it and where the data goes.

2. Get aware

Familiarise yourself and your staff with GDPR and how it will impact your business. Make sure your procedures deliver the rights it gives individuals.

3. Record it 

Make sure all your data security, handling and processing arrangements are set out in written policies or procedures. Be sure to update regularly.

4. Delete it 

Make sure you safely and securely delete any data you don’t need or use.

5. Keep it under lock and key

Make sure your systems store personal data properly and securely.

6. Give me access 

Prepare a plan or policy for handling subject access requests to make sure you are ready if someone asks to see their data that you hold.

7. Secure it

Prepare a security framework and an emergency preparedness plan that outlines how personal data is handled and what to do in a breach.

8. Policy review 

Review and amend your privacy policies for your customers and suppliers.

9. Consent review 

Review how you seek, record and manage consent and whether you need to make any changes. People must be able to opt in and have an easy way of opting out.

10. Choose a lead 

If you can, designate a dedicated data protection staff member who takes responsibility for data protection compliance.

11. Age matters 

If your business is child-facing, make sure you put systems in place to verify individuals’ ages and obtain parental or guardian consent when needed.

12. Cross-border processing

If you work across borders, find out who your main supervisory authority is and keep this information accessible.

FSB Data protection checklist