
GDPR Checklist



GDPR (General Data Protection Regulation) is one of the biggest compliance regulations affecting companies globally. Any company that collects personal information from a citizen of the European Union is affected by GDPR. It is also known for being extremely heavy with its fines: regulators can fine companies up to 4% of their total revenue or up to 20 million euros, whichever is higher. Here we provide you with a quick checklist, based on the official guidelines from the GDPR website, that you can use to check that you are compliant with GDPR.



Lawful Basis and Transparency: The first thing you need to do is understand what information you have and who has access to it. You also need to make sure that you have a business reason that justifies holding that data. If you collected information for a business purpose at one point but no longer have a business purpose for it, then you need to get rid of that information. Lastly, provide information about your data processing and its justification in your privacy policy; this should be available to all customers whose information you have collected.


Data Security: This section focuses on your obligations to protect user information while it’s in your possession. One point I want to highlight is that you should be taking data protection into account from the moment you start developing the product. This goes back to the important principle of “Secure by design”, where companies are now expected to produce software products that have security built into them from the ground up.


Privacy Rights: GDPR has 7 key privacy rights that need to be upheld for your company to be considered compliant. These 7 privacy rights are designed to give users more control over their personal information. The recurring theme is that users need to be able to access their information, update it, have it deleted, and exercise the right to be forgotten, which simply means that you stop processing their information.



Source @ securitymadesimple.org


Accountability and Governance: GDPR also has standards for ensuring that your organization is held accountable for its internal operations and its third-party vendors. You are required to appoint someone responsible for ensuring GDPR compliance across your company and to sign a data processing agreement with any third parties that you use in your business.


How to get more free content


If you like this article and would like to read more of our content for cybersecurity insights, tips and tricks, feel free to follow us on our social media. If you’re a struggling business owner who needs help assessing your business’s cybersecurity posture, feel free to take advantage of our free introductory assessment and we’ll help you figure out a game plan for keeping your company safe.
