
GDPR – General Data Protection Regulation Checklist

General Data Protection Regulation (GDPR) applies to any company that transacts with European Union citizens.
The European Union (EU) is enforcing regulations designed to protect the data security and the privacy of its citizens.
GDPR came into effect May 25, 2018. The EU GDPR replaces the Data Protection Directive 95/46/EC.
If you collect data from customers in any EU country as a result of a business transaction, you are subject to the rules and regulations of the GDPR.
There are other website legal pages you may also need to include.
Consent
Request for consent, terms, or privacy statements must be presented clearly and concisely, and without any ambiguity of meaning.
It must be as easy to withdraw consent as it was to give it, at any time.
Security Breach Notification
Notification that a security breach has occurred must be given within 72 hours of discovering it.
Access Rights
Companies must provide, free of charge, a copy of the personal data being processed and held in electronic format.
Right to be Forgotten
Companies must erase all personal data when requested.
Valid conditions for erasure:
- Data no longer relevant
- Original purpose has been satisfied
- Withdrawal of consent
Portability
The right to request that the company transmit data to another processor, in a commonly used and machine-readable format, free of charge.
Privacy by Design
Protect the rights of data subjects.
Process only the data absolutely necessary for the required service, and limit employees' access to personal data to what is needed to complete the process consented to.
The official PDF of the Regulation (EU) 2016/679 (General Data Protection Regulation)