GDPR Compliance Checklist ProjectManager FD CM
Done | Summary Task | Task Detail
Briefed on GDPR: Make sure all parties in the company know GDPR.
Document Company Data: What data is held, stored, where does it come from, etc.
Identify Lawful Processing Activity: The ICO has six lawful justifications to follow.
Seeking, Recording and Managing Consent: Comply with ICO consent requirements.
GDPR COMPLIANCE CHECKLIST TEMPLATE
Measures Required | Resources Required | Assignee | Planned Effort
Planned Due Date | Actual Effort | Actual Due Date
The following is a list of the tasks and what they involve in order to become compliant with GDPR.
Checklist Details: Notes who is completing the checklist, such as a data protection office, the company, team, if
applicable, etc.
Briefed on GDPR: You must know the rules set up by GDPR before you can adhere to them; therefore, everyone
responsible for the process of compliance must be made aware of what is required.
Document Company Data: Know what personal data you hold, where it comes from, who it's shared with and why
it's held.
Review Privacy Notices: Clearly explain the lawful basis for processing data, data retention periods and individual
rights in the complaint process to the ICO in your privacy notice to customers, and fully comply with GDPR.
Individual Rights Protection: Update company communications to customers about the rights and freedoms of
people and their data.
Prepare for Access Requests: With more rights granted to individuals by GDPR, provide appropriate means to
access that data.
Identify Lawful Processing Activity: When processing data, the documentation must be based on the
justifications stated by the ICO.
Seeking, Recording and Managing Consent: Apply new consent rules and procedures to seek, record and
manage consent.
Age Verification: Find out if you need to add protection for minors.
Prepare Procedure for Data Breach: Set up detection, reporting and investigation of data breaches.
Perform Needed Assessments: Make sure you're following ICO guidelines to deliver privacy by design.
Appoint Data Protection Officer (DPO): If you haven't appointed a DPO, do so. They are the lead on all GDPR
processes.
Who Is Your Supervisory Authority: Depending on where you do business, there might be a different authority to
report to, so you must know which one supervises you and your territory.
Disclaimer
This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this paper as legal advice, nor as a recommendation of any particular legal understanding.