This checklist covers the essential steps you need to take to demonstrate GDPR compliance

• Brief management on the GDPR-related risks and benefits.
• Gain management support for your GDPR compliance project.
• Give a director the responsibility of GDPR accountability.
• Incorporate data protection risk into the corporate risk management and internal control framework.

Our solutions

• EU GDPR – A Pocket Guide
  This concise guide is essential reading for anyone wanting an overview of the GDPR and the new compliance obligations for handling personal data.

  Available in:     

  Shop now >>

• GDPR Ask Us
  Need a quick answer to a GDPR question? Get quick and easy advice on a GDPR topic by email or live chat.

  Shop now >>

What you need to do

• Appoint and train a project manager, and appoint a DPO (data protection officer) if necessary.
• Identify which entities will be in scope – business units, territories, jurisdictions.
• Identify other standards or management systems that could provide a framework for compliance; for instance, implementing ISO 27001 demonstrates information security best practice.
• Assess the principle of data protection by design and default against current or new processes and systems.
• Consider the implications of Brexit in your planning.

Our solutions

• EU GDPR – An Implementation and Compliance Guide
  This guide details the requirements of the GDPR and provides practical advice on implementing a compliance framework.

  Shop now >>

• Certified EU GDPR Foundation and Practitioner Combination Course
  Gain knowledge of the GDPR, and a practical understanding of the methods and tools for implementing and managing an effective compliance framework.

  Shop now >>

• DPO as a service (GDPR)
  DPO as a service is a practical and cost-effective outsource solution for organisations that don’t have the requisite data protection expertise and knowledge to fulfil their data protection officer obligations under the GDPR.

  Shop now >>

What you need to do

• Assess the categories of data held, where it comes from and the lawful basis for your processing.
• Map data flows into, within and from your organisation.
• Use the data map to identify the risks in your data processing activities and assess whether a DPIA (data protection impact assessment) is needed.

Our solutions

• Data Flow Mapping Tool and Compliance Manager
  This Cloud-based software simplifies the process of creating data flow maps, giving you a thorough understanding of what personal data your organisation processes. Integration with Compliance Manager allows you to track your compliance with the GDPR articles.

  Shop now >>

• GDPR data flow audit
  Receive, through an onsite audit, an inventory of the types of personal data collected and processed in your organisation, and a data flow map.

  Shop now >>

What you need to do

• Audit your current compliance position against the requirements of the GDPR.
• Identify compliance gaps requiring remediation.

Our solutions

• EU GDPR Compliance Gap Assessment Tool
  This questionnaire-driven tool helps you to assess of your organisation’s compliance position and identify the gaps for remediation.

  Shop now >>

• GDPR Gap Analysis
  Get an onsite assessment of your organisation’s privacy management and data protection practices, and a report summarising compliance gaps and remediation recommendations.

  Shop now >>

What you need to do

• Create Article 30 documentation – the record of personal data processing activities drawn from the data flow audit and gap analysis.
• Bring data protection policies and privacy notices in line with the GDPR.
• Where relying on consent, ensure the conditions of that consent meet the new requirements.
• Review and update employees’, customers’ and supplier contracts.
• Plan how to recognise and handle data subject access requests (DSARs) and provide responses within a month.
• Have in place a process for determining whether a DPIA is required.
• Secure personal data through appropriate organisational and technical measures.
• Ensure policies and procedures are in place to detect, report and investigate a data breach.
• Review whether the mechanisms for data transfers outside the EU are compliant.

Our solutions

• EU GDPR Documentation Toolkit
  A complete set of easy-to-use and customisable documentation templates, worksheets and policies to document GDPR compliance.

  Shop now >>

What you need to do

• Have an information security policy
• Put in place basic technical controls such as those specified by established frameworks like Cyber Essentials
• Use encryption and/or pseudonymisation where it is appropriate
• Ensure policies and procedures are in place to detect, report and investigate a personal data breach

Our solutions

• ISO 27001
  ISO/IEC 27001 provides an excellent starting point for achieving the technical and operational requirements necessary to prevent a data breach under the General Data Protection Regulation (GDPR)

  Shop now >>

• Incident Response Management Foundation Training Course
  Find out how to effective manage and respond to a disruptive incident and take appropriate steps to limit the damage of potential information security.

  Shop now >>

• Penetration testing
  Undertake a security assessment of your websites and IT systems to ensure there is adequate protection against cyber attacks.

  Shop now >>

What you need to do

• GDPR implementation affects your entire organisation – effective internal communication with stakeholders and staff is key.
• Employees need to understand the importance of data protection and be trained on the basic GDPR principles and procedures being implemented to achieve compliance.

Our solutions

• GDPR Staff Awareness e-learning Course
  This simple-to-use interactive modular e-learning programme for employees introduces the GDPR and the key compliance obligations for organisations.

  Shop now >>

What you need to do

• Schedule regular audits of data processing activities and security measures.
• Keep personal data processing records up to date.
• Undertake DPIAs where required.