Your GDPR checklist…
Over the past six months, you have received our practical tips and tricks to complete your GDPR toolkit. You can easily find all of them on our website.
Tomorrow is “the” day: the GDPR will apply in all its glory! Are you ready?
Below we provide you with a checklist that will assist you in the future to become and remain GDPR compliant. Check this list for every (new) processing activity and then take all necessary action:
- For what purposes are the personal data used?
- What legitimate ground can you put forward?
- Did you inform the data subjects (regarding the foregoing)?
- Did you implement the procedures required for such data subjects to be able to exercise their rights? Are your systems designed to this end?
- Are the data transferred to a third country and, if so, did you ensure the appropriate safeguards?
- Did you document all of the above in internal policies and procedures, and are these policies and procedures implemented in practice?
- Did you include the processing activity in your register?
- Is an impact assessment required and, if so, did you perform such an analysis and document it?
- Did you implement the necessary procedures for detecting and reporting data breaches?
- Do you need to appoint a DPO?
- Were appropriate agreements concluded with third parties?
We won’t leave you in the cold after 25 May 2018. From time to time, we will provide you with our best practices for GDPR compliance with our new Privacy Talk. We’ll be focusing on where the biggest risks for companies lie, and what they need to pay special attention to. Furthermore, we’ll provide you with ‘quick wins’. In this way, you can learn from our experience, and of course we follow any practical advice issued by the data protection authorities. They are inevitably going through a learning process just as we are.
Looking forward to our Privacy Talk, we would like to provide you with our 3 top priorities (in other words, our first-aid kit) should your company not yet be GDPR compliant:
- Map out all processing activities in a register of processing activities.
- Draft privacy statements and internal procedures for responding to requests from data subjects.
- Take steps to prevent data breaches, and establish internal procedures for reporting such breaches.
Please consult our website or contact one of our team members if you have questions or require more information:
In the Picture - July 2020
Covid-19’s impact on commercial contracts: Force majeure, not just a standard clause