GDPR Checklist – what do you need to have?
It's 4 months since the GDPR has been with us. It's been a baptism of fire for some companies and a breeze for others. It's been a real change in the way in which we do business. We need to be able to demonstrate why we have data, who has access to it, how we protect it, who else sees it and how long we need to keep it for.
So what should you include in a GDPR Checklist?
In order to show that you know exactly what you do with your data, there are documents that can help you see what you have.
I would recommend:
- A detailed data inventory – showing the purpose of having the data, risk and categories of data you have.
- A data protection policy for your organisation.
- A data subject access request procedure including a way to check identity and a register – you only have a month!
- A data retention schedule detailing how long you keep data for.
- A breach policy and a register which hopefully you will never use.
- A legitimate interests v consent checklist to see if you have the right to contact people and how you prove it.
- A consent register or a way of proving consent.
- Risk assessments – Data protection impact assessments.
What else is useful as well as a GDPR Checklist?
There are lots of documents that are useful to help you on your compliance journey. I tend to only keep essential ones, as all documents will need review and maintenance. What else you need will depend on your organisation, but other documents such as a CCTV policy, consent checks and data transfer checklists can also be useful.
Following a GDPR Checklist will make you review your data and how you manage it effectively.
There is lots of useful and important information on the ICO website: https://ico.org.uk/
GDPR affects all organisations and no one is immune. If you need help and aren’t sure where to start, do get in touch. We are friendly, make it easy and want to help.
We look forward to hearing from you. http://trustedcompliancesolutions.co.uk/contact