[vc_row][vc_column][vc_column_text css=”.vc_custom_1527270526660{margin-bottom: 35px !important;}”]

GDPR compliantAchieving GDPR Compliance shouldn’t feel like a struggle. Here is a basic checklist you can use to make sure you are GDPR compliant.

If your organization is determining the purpose of the storage or processing of personal information, it is considered a controller. If your organization stores or processes personal data on behalf of another organization, it is considered a processor. It is possible for your organization to have both roles.

This list is not legal advice, it merely tries to help you overcome the confusion.

[/vc_column_text][vc_column_text css=”.vc_custom_1527271993547{margin-top: 20px !important;margin-bottom: 20px !important;}”]


[/vc_column_text][vc_toggle title=”Your company has a list of all types of personal information it holds, the source of that information, who you share it with, what you do with it and how long you will keep it. ” style=”arrow” el_id=”1527263937707-47e69190-aaa1″ el_class=”gdpr”] Data Processor | Data Controller This is a list of the actual types (columns) of information being held (eg Name, social security nr, address,..). For each type, a source should be documented, the parties this information is shared with, the purpose of the information and the duration for which the company will keep this information. Read more: [/vc_toggle][vc_toggle title=”Your company has a list of places where it keeps personal information and the ways data flows between them.” style=”arrow” el_id=”1527265526978-d1e3e221-cba8″ el_class=”gdpr”] Data Processor | Data Controller [/vc_toggle][vc_toggle title=”Your company has a publicly accessible privacy policy that outlines all processes related to personal data.” style=”arrow” el_id=”1527265579955-bab45121-e28b” el_class=”gdpr”] Data Processor | Data Controller
  • You should include information about all processes related to the handling of personal information. This document should include (or have links to) the types of personal information the company holds, and where it holds them.Read more:
[/vc_toggle][vc_toggle title=”Your privacy policy should include a lawful basis to explain why the company needs to process personal information” style=”arrow” el_id=”1527265614532-070938f3-50c4″ el_class=”gdpr”]Data Controller It should contain a reason for data processing, eg the fulfillment of a contract. Read more: [/vc_toggle][vc_column_text css=”.vc_custom_1527272007127{margin-top: 35px !important;margin-bottom: 20px !important;}”]


[/vc_column_text][vc_toggle title=”Your company has appointed a Data Protection Officer (DPO)” style=”arrow” el_id=”1527265758858-7e1a8e27-9b85″ el_class=”gdpr”] Data Processor | Data Controller [/vc_toggle][vc_toggle title=”Create awareness among decision makers about GDPR guidelines.” style=”arrow” el_id=”1527265821530-91c223d1-b46c” el_class=”gdpr”] Data Processor | Data Controller [/vc_toggle][vc_toggle title=”Make sure your technical security is up to date.” style=”arrow” el_id=”1527265923153-d97a0453-a972″ el_class=”gdpr”] Data Processor | Data Controller [/vc_toggle][vc_toggle title=”You report data breaches involving personal data to the local authority and to the people (data subjects) involved.” style=”arrow” el_id=”1527265984416-f217eeb4-632e” el_class=”gdpr”] Data Processor | Data Controller [/vc_toggle][vc_toggle title=”There is a contract in place with any data processors that you share data with.” style=”arrow” el_id=”1527266049363-09d18d26-cf7a” el_class=”gdpr”]Data Controller [/vc_toggle][vc_column_text css=”.vc_custom_1527272020640{margin-top: 35px !important;margin-bottom: 20px !important;}”]


[/vc_column_text][vc_toggle title=”Your customers can easily request access to their personal information.” style=”arrow” el_id=”1527266312754-1025c937-caf4″ el_class=”gdpr”] Data Processor | Data Controller [/vc_toggle][vc_toggle title=”Your customers can easily update their own personal information to keep it accurate.” style=”arrow” el_id=”1527266565619-425efd9d-c47a” el_class=”gdpr”] Data Processor | Data Controller [/vc_toggle][vc_toggle title=”You automatically delete data that your business no longer has any use for.” style=”arrow” el_id=”1527266374584-e41cc03b-25a2″ el_class=”gdpr”] Data Processor | Data Controller [/vc_toggle][vc_toggle title=”Your customers can easily request that you stop processing their data.” style=”arrow” el_id=”1527266833655-36dcb954-868d” el_class=”gdpr”] Data Processor | Data Controller [/vc_toggle][vc_toggle title=”Your customers can easily request deletion of their personal data.” style=”arrow” el_id=”1527266775813-f6eee70d-06e8″ el_class=”gdpr”] Data Processor | Data Controller [/vc_toggle][vc_toggle title=”Your customers can easily request that their data be delivered to themselves or a 3rd party.” style=”arrow” el_id=”1527266721829-4ce96564-036d” el_class=”gdpr”] Data Processor | Data Controller [/vc_toggle][vc_toggle title=”Your customers can easily object to profiling or automated decision making that could impact them.” style=”arrow” el_id=”1527266880758-8d415848-8a39″ el_class=”gdpr”]Data Controller [/vc_toggle][vc_column_text css=”.vc_custom_1527272038455{margin-top: 35px !important;margin-bottom: 20px !important;}”]


[/vc_column_text][vc_toggle title=”Ask consent when you start processing a person’s information.” style=”arrow” el_id=”1527267031168-40b4da64-2c20″ el_class=”gdpr”]Data Controller
  • If your website collects personal information in some way, you should have an easily visble link to your privacy policy and confirm that the user accepts your terms and conditions.Read more:
[/vc_toggle][vc_toggle title=”Your privacy policy should be written in clear and understandable terms.” style=”arrow” el_id=”1527267105700-82eda6f2-dd74″ el_class=”gdpr”]Data Controller
  • It should be written in clear and simple terms and not conceal it’s intent in any way. Failing to do so could void the agreement entirely. When providing services to children, the privacy policy should be easy enough for them to understand.s and conditions.Read more:
[/vc_toggle][vc_toggle title=”It should be as easy for your customers to withdraw consent as it was to give it in the first place.” style=”arrow” el_id=”1527267181331-e3db9774-b401″ el_class=”gdpr”]Data Controller [/vc_toggle][vc_toggle title=”If you process children’s personal data, verify their age and ask consent from their legal guardian.” style=”arrow” el_id=”1527267268125-f8f5018a-48a2″ el_class=”gdpr”]Data Controller [/vc_toggle][vc_toggle title=”When you update your privacy policy, you inform existing customers.” style=”arrow” el_id=”1527267339645-c76cfdf5-3032″ el_class=”gdpr”]Data Controller [/vc_toggle][vc_column_text css=”.vc_custom_1527272052908{margin-top: 35px !important;margin-bottom: 20px !important;}”]


[/vc_column_text][vc_toggle title=”You regularly review policies for changes, effectiveness, changes in handling of data and changes to the state of affairs of other countries your data flows to.” style=”arrow” el_id=”1527267434577-b15771d6-c301″ el_class=”gdpr”]Data Controller [/vc_toggle][vc_column_text css=”.vc_custom_1527272071629{margin-top: 35px !important;margin-bottom: 20px !important;}”]


[/vc_column_text][vc_toggle title=”You should only transfer data outside of the EU to countries that offer an appropriate level of protection” style=”arrow” el_id=”1527266992485-b5b5995a-ec44″ el_class=”gdpr”]Data Controller [/vc_toggle][vc_toggle title=”Your business understands when you must conduct a DPIA for high-risk processing of sensitive data.” style=”arrow” el_id=”1527267510235-5326da5d-c9b5″ el_class=”gdpr”]Data Controller [/vc_toggle][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

The information above is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this as legal advice, nor as a recommendation of any particular legal understanding.