
GDPR Readiness Checklist

Getting ready to get GDPR-compliant is a serious undertaking.

Our checklist can help you stay on track with things like identifying your data processing methods, determining if you need to hire a DPO and updating or creating a Privacy Policy.

Read the full article here:



  1. GDPR Readiness Checklist
  2. The EU’s General Data Protection Regulation (GDPR) went into effect in May. Use this GDPR Readiness Checklist to make sure you’re compliant.
  3. Identify All Data Types You Collect from Your Site Users. Your Privacy Policy must identify all of the types of data you are collecting from your website visitors. This includes personal data that is collected both directly and indirectly.
  4. The GDPR defines personal data this way:
  5. Identify All Methods of Data Collecting and Processing. You must disclose your methods for collecting, storing, managing and sharing personal data through your site or app.
  6. The GDPR refers to this as “processing.”
  7. Depending on whether you own/operate a website or blog, mobile app, ecommerce store, or SaaS platform, your processing methods might be different.
  8. Websites and Blogs. Most websites and blogs collect data through one or all of the following:
     • Site registration forms
     • Contact Us forms
     • Live chat tools
     • Content upgrade requests
     • Social media login integration
     • User preferences settings
  9. Mobile Apps. Mobile apps also use direct collection methods to acquire personal information about users, such as:
     • Registration information
     • In-app payment information
     • Community chat forum details
     • Online identifiers and other data
  10. Ecommerce Stores. Ecommerce stores collect personal information directly and indirectly with tools such as:
     • “Sign-up for a discount” campaigns
     • Billing and shipping data required for checkout
     • Product preference data
     • Site registration
     • Cookies
     • Google Analytics
  11. SaaS Apps. SaaS apps have special considerations for complying with the GDPR because of consumer advocacy concerns. “27% of consumers are willing to give up their personal data in exchange for a better or more personalized browsing experience.” - EMC Privacy Index (1)
     (1) Link to:
  12. Consumer Privacy Rights. Your customers’ legal ability to understand their privacy rights and risks is central to the GDPR.
  13. Your site visitors must be able to easily:
     • Find, access and understand your Privacy Policy
     • Request a copy of all information you have about them
     • Instruct you to transfer their information to another controller
     • Instruct you to cease collecting or processing their information
     • Instruct you to delete their information
     • Expect you to automatically delete their information that you are no longer using
     • Expect you to transfer data outside of the EU only to entities with similar or stronger privacy protections
  14. Special Considerations for Minors. The GDPR imposes special considerations for minors, which the regulation defines as a child aged 16 or younger.
  15. You must:
     • Acquire informed consent of a parent or guardian before processing any personal information of a minor
     • Fully inform guardians of how personal data is collected and processed for a minor
     • Provide a simple way for minors and their guardians to access that data, require its deletion or instruct you to transfer it to another entity
     • Not collect any personal information from minors that is not necessary to perform your business
  16. Hire a Qualified Data Protection Officer (if applicable). You are required to appoint a DPO if you are:
     • A public authority
     • An organization engaging in large-scale monitoring of personal data of EU residents
     • An organization engaging in large-scale processing of personal data of EU residents
  17. This clause defines the required duties of the DPO:
  18. By following this checklist and recommendations, you will be ready to formalize your procedures into a compliant Privacy Policy that meets or exceeds the requirements of the GDPR.