GDPR Data Protection Checklist

The General Data Protection Regulation (GDPR) comes into effect on 25th May 2018. GDPR will impact any organisation that does business with or holds data on individuals in any EU country.


Have you decided on a communication plan that reduces the impact on your team? Who is your company spokesperson and will you be ready if the breach becomes public out of usual office hours?

Here’s our checklist to start your journey to ensure you comply with the regulations:

  • Research – Understand your business’ exact responsibilities in relation to the regulations.
  • Create an action plan – Make a list of all the tasks that need to be completed before 25th May 2018.
  • Understand what a DPO is – A Data Protection Officer (DPO) might need to be appointed depending on the size of your business. They will need to take responsibility of data protection issues on behalf of your company.
  • Identify areas of risk – Prioritise which areas and systems within your business hold sensitive personal information.
  • Educate your staff – Make sure your staff are aware of all the risks around data and file sharing to ensure they always comply with the regulations.
  • Speak to experts – Make use of advisory services and contact experts who can help you become fully GDPR compliant. An expert will be able to advise if there is specialist technology you can acquire.

More than IT

As GDPR covers data privacy, many business leaders consider it to only be an IT issue.  Although IT is certainly critical in achieving compliance, the GDPR goes way beyond the IT department. IT will be central to shaping the processes and engineering of systems to create and implement record-keeping duties. But the hiring of a data protection officer (DPO) will be crucial.

Businesses will need highly qualified people, trained to know exactly which requirements to meet and what processes to put in place to achieve compliance. Still, there will be many other people whose jobs involve working with data, who tend to be more aware of the opportunities than of the risks this presents.

This is a list of questions and processes for businesses to follow. Key questions which will need answering include,

  • Where is the data stored?
  • What rights do individuals have?
  • Could the organisation company deal with a data breach?
  • What measures are in place to prevent and respond to a data breach?
  • Are all staff given data protection training?

Compliance is a company-wide effort

Marketing, HR, directors and sales all handle large amounts of personal data across numerous processes. It is crucial that everyone who stores or handles data is up to speed on whichever pieces of legislation are relevant to them, especially considering the interest that data may have to them in terms of usage and application – and which they might like to play around with.

For more information, please contact our team of experts by clicking the link below.