Checklist For EU GDPR Implementation
___________________________________________________________________________

Establish the project

- Decide whether you are going to use consultants, or if you will be using documentation templates.
  See these comparison matrices for implementing EU GDPR to help you decide which approach is most suitable for your organisation: https://advisera.com/eugdpracademy/comparison/
  See EU GDPR Documentation Toolkit: https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/

- Download the EU GDPR full text.
  You can download the full text of the EU GDPR at the following link: https://advisera.com/eugdpracademy/gdpr/

- Conduct the GDPR Readiness Assessment to help you determine at which stage of the project implementation you are.
  Check your compliance using this free EU GDPR Readiness Assessment Tool: https://advisera.com/eugdpracademy/eu-gdpr-readiness-assessment-tool/

- Educate your project team.

- Write the Project Plan, including the definition of the project manager, project team, project sponsor, required resources, and milestones.
  See this helpful Project Plan for EU GDPR Implementation: https://info.advisera.com/eugdpracademy/free-download/project-plan-for-eu-gdpr-implementation

- Define which stakeholders need to be informed about each step in the project.

Managing data subject rights

- Define the legal basis of the company to process personal data, and whether you need consent from the data subjects.
  See this article: Is consent needed? Six legal bases to process data according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/

- Define data subject rights.
  See this article: 8 data subject rights according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/8-data-subject-rights-according-to-gdpr/

- Define and implement data subject consent forms.
  See this article: Four main questions for obtaining and managing data subjects’ consent under GDPR: https://advisera.com/eugdpracademy/knowledgebase/four-main-questions-for-obtaining-and-managing-data-subjects-consent-under-gdpr/

- Define and implement the Data Subject Access Request Procedure and develop a guide outlining how to deal with the requests.
  See this helpful EU GDPR Data Subject Access Request Flowchart: https://info.advisera.com/eugdpracademy/free-download/eu-gdpr-data-subject-access-request-flowchart

Data Protection Impact Assessment (DPIA)

- Define and write the Data Protection Impact Assessment Methodology (DPIA).
  See this article: 5 phases of the EU GDPR Data Protection Impact Assessment: https://advisera.com/eugdpracademy/knowledgebase/5-phases-of-the-eu-gdpr-data-protection-impact-assessment/

- Maintain the DPIA Register.

- Set up a DPIA review schedule.

Third-party compliance

- Identify the suppliers that process personal data on your behalf (data processors).

- Prepare and sign agreements with data processors to ensure they will act based on your instructions and will comply with EU GDPR.
  See this article: EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/

Personal data protection

- Identify and implement adequate security measures to protect personal data.
  See this article: How cybersecurity solutions can help with GDPR compliance: https://advisera.com/eugdpracademy/blog/2017/11/27/how-cybersecurity-solutions-can-help-with-gdpr-compliance/

- Test and review the implemented measures on a regular basis.

Handle data breaches

- Identify the key stakeholders and establish your “Data Breach Response Team.”

For all the documents needed to comply with EU GDPR, check out this EU GDPR Documentation Toolkit.