Unlock your business potential.
Get in touch now! ›
Our latest posts on digital marketing.
Access to guides, case studies, webinars & more.
Develop your knowledge at your own pace with Mapp learning tools!


GDPR – Your compliance checklist

Dipal Ashra
GDPR – Your compliance checklist

Compliance. It isn’t a pretty word. But if your organization isn’t GDPR-compliant by May 25, 2018, the ramifications could get very ugly.

With a little over a few weeks to go until GDPR graduates from proposal to regulation, the deadline for compliance edges ever closer. The consequence of non-observance is severe with financial penalties, bans on data processing and immense reputational damage lying in wait for those organizations who don’t plan correctly.

And what’s more, even if your compliance procedures and processes are watertight, are your sure your supply chains are? It’s critical you audit any third parties who process your data as all it takes is for one lax data processing partner to drag you down.

With that in mind, we’ve created a handy checklist to help you recognize where you stand and what, if anything, you might still have to do.

1) The Audit This should be top of anyone’s list, regardless of your type of business. The first step to GDPR compliance is understanding what kind of data you hold. How did you source it? What is it used for? Who has access to it? These are all questions you need to ask. And now.

2) Your Privacy Policy Updating your privacy policy should be another priority task. GDPR dictates that you make individuals aware of what you intend to do with their data. Informing them of the lawful basis that your collection is made under is also required, as well as letting them know of their right to complain if their data is used inappropriately.

3) Data Protection Officer Have you appointed a Data Protection Officer (DPO) yet? If you’re a public authority, then a DPO is a requisite ahead of GDPR. And even if you’re not, it’s wise to appoint somebody to be responsible for your data collection policies and procedures. Without this figurehead, your data ship will sail without a captain.

4) Request processes Being prepared for GDPR means having the processes in place after GDPR lands. You need to make sure you have the right procedures in place to deal with any requests for the data you hold on individuals. Also, be prepared to be asked to delete data. If that’s news to you, then it’s time to map that process.

5) Data breaches How organizations react to data breaches is another GDPR game-changer. Applied to both accidental and deliberate breaches, data breaches must be reported, in almost all cases, to the Information Commissioner’s Office (ICO) within 72 hours. Are you set up to spot a breach and report within that timeframe?

6) International requirements If you’re a business who participate in cross-border data processing, then you’ll need to know who your data protection authority is. In the large majority of cases, this is where your EU HQ is based or where decisions about data processing take place. Plan ahead work out who you need to report to.

If you’d like more information about GDPR and the plans you need to put in place in order to ensure compliance visit our GDPR specific page: mapp.com/gdpr

Recent Articles