GDPR – General Data Protection Regulation Checklist
General Data Protection Regulation (GDPR) applies to any company that transacts with European Union citizens.
The European Union (EU) is enforcing regulations designed to protect the data security and the privacy of its citizens.
GDPR came into effect May 25, 2018. The EU GDPR replaces the Data Protection Directive 95/46/EC.
If you collect data from customers in any EU country as a result of a business transaction, you will be subject to the rules and regulations of the GDPR.
There are other website legal pages you need to think about including.
GDPR - General Data Protection Regulation Checklist
Request for consent, terms, or privacy statements must be presented clearly and concisely, and without any ambiguity of meaning.
It must be easy to withdraw consent at any time.
Security Breach Notification
Notification that a security breach has occurred must be made within 72 hours of discovering it.
Companies must provide, free of charge, a copy of the personal data being processed and held in electronic format.
Right to be Forgotten
Companies must erase all personal data when requested.
Valid conditions for erasure
- Data no longer relevant
- Original purpose has been satisfied
- Withdrawal of consent
The right to request the company transmit data to another processor, in a commonly used and machine-readable format free of charge.
Privacy by Design
Protect the rights of data subjects.
Process only the data absolutely necessary for the required service, and limit employee access to personal data to what is needed to complete the process consented to.