
GDPR – General Data Protection Regulation Checklist


General Data Protection Regulation (GDPR) applies to any company that transacts with European Union citizens.

The European Union (EU) is enforcing regulations designed to protect the data security and the privacy of its citizens.

GDPR came into effect May 25, 2018. The EU GDPR replaces the Data Protection Directive 95/46/EC.

If you collect data from customers in any EU country as a result of a business transaction, you will be subject to the rules and regulations of the GDPR.

There are other website legal pages you may also need to consider including.



Requests for consent, terms, or privacy statements must be presented clearly and concisely, and without any ambiguity of meaning.

It must be easy to withdraw consent at any time.

Security Breach Notification

Notification that a security breach has occurred must be given within 72 hours of discovering it.

Access Rights

Companies must provide, free of charge, a copy of the personal data being processed and held in electronic format.

Right to be Forgotten

Companies must erase all personal data when requested.

Valid conditions for erasure:

  • Data is no longer relevant
  • Original purpose has been satisfied
  • Withdrawal of consent


The right to request that the company transmit data to another processor, in a commonly used and machine-readable format, free of charge.

Privacy by Design

Protect the rights of data subjects.

Process only the data absolutely necessary for the required service, and limit employee access to personal data to what is needed to complete the process consented to.

The official PDF of the Regulation (EU) 2016/679 (General Data Protection Regulation)
