
The 12 Steps of GDPR.
Are you GDPR-ready?

The General Data Protection Regulation (GDPR) can be a tricky topic to get your head around, but it is vital for your organisation to understand it and prepare for any necessary changes before it applies on 25th May 2018. (This date is not affected by the UK's decision to leave the EU.)

What is GDPR and should I care? That is the question everyone, including our clients, CRM Managers and Directors, has been asking at our monthly roundtable discussions. So we have put together a quick and handy tool to help you understand where you and your organisation stand in relation to GDPR compliance and what the next steps are.

Rate yourself honestly against each of the twelve steps below.

  1. Awareness

    You and your organisation should be aware of the changes brought about by GDPR and the actions that must be taken to comply ahead of 25th May 2018.

  2. Information

    All personal data held by your organisation should be documented, including who has access to it and where it was sourced.

  3. Communicating

    Your organisation should put a plan in place for any changes to be made to privacy notices ahead of GDPR implementation.

  4. Rights

    Your organisation should be aware of and understand the rights GDPR gives individuals (including access, rectification, erasure, restriction, portability and objection), and should check that its procedures, such as how personal data is stored, corrected and deleted, can actually honour them.

  5. Access

    You will need to update your procedures and plan how you will handle subject access requests within the new timescale (one month, in most cases without charging a fee) and how you will provide the additional information GDPR requires, such as the retention period and the source of the data.

  6. Law

    All processing of personal data must rest on a lawful basis under Article 6 of GDPR (for example consent, contract, legal obligation or legitimate interests), so be sure to identify, explain and document the basis for each processing activity.

  7. Consent

    Your methods of seeking, recording and managing consent should be reviewed and changed where necessary if they do not meet the GDPR standard (consent must be freely given, specific, informed and unambiguous, and as easy to withdraw as to give). Existing consent should also be reviewed and refreshed where it falls short.

  8. Children

    You must work out whether any of your processing relies on consent from children and therefore needs the consent of a parent or guardian. For online services offered directly to a child, GDPR sets the age of consent at 16, which member states may lower to 13. You must also be able to verify a child's age and a parent's authority.

  9. Data Breaches

    Your security measures must minimise the likelihood of a personal data breach, and you must have procedures to detect, report and investigate one if it occurs. Breaches likely to result in a risk to individuals must be reported to the supervisory authority within 72 hours of becoming aware of them, and individuals must be told without undue delay where the risk is high.

  10. Data Protection by Design

    You should familiarise yourself now with the ICO's code of practice on Privacy Impact Assessments (known under GDPR as Data Protection Impact Assessments), as well as the latest guidance from the Article 29 Working Party, and work out how and when to carry them out.

  11. Data Protection Officers

    Consider whether you must appoint a data protection officer. If you do need one, they must take responsibility for data protection compliance, and you should decide where this role will sit within your organisation's structure and governance arrangements.

  12. International

    If your organisation operates in more than one EU member state (that is, you carry out cross-border processing), you should determine your lead data protection supervisory authority.
