A Quick GDPR Compliance Checklist



Is your company GDPR-compliant?

It’s not optional. And it’s not something you want to be caught out on.

The maximum fine for non-compliance is €20 million or 4% of worldwide annual turnover, whichever is higher. And the EU is stepping up its game: in Q3 of 2021, the total fines issued amounted to nearly €1 billion.

That’s 20 times the total of the first two quarters.

Read this GDPR compliance checklist to find out how to stay on the right side of the regulators.

GDPR: The EU’s New Data Protection

Adopted in 2016 and enforceable since 25 May 2018, the General Data Protection Regulation (GDPR) is a sweeping mandate concerning the protection of personal data.

It sets out strict rules for any organization that processes the personal data of people in the EU, whether or not the organization itself is based there.

Personal Data Under GDPR

The explosion of tracking cookies and personal data breaches over recent years is why the EU takes data protection so seriously.

Under GDPR, organizations must abide by certain terms:

  • Personal data must be safeguarded
  • The privacy rights of individuals in the EU (not only citizens) must be upheld

Every organization that handles the personal data of people in the European Union must comply with GDPR – or face harsh penalties. There are seven principles to abide by, and eight privacy rights that must be assured.

The privacy rights of citizens are:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to data erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights regarding profiling and automated decision making

A Simple GDPR Compliance Checklist

There are a lot of rules and regulations to abide by – but they can be broken down into the following points. Look no further if you’re wondering how to be GDPR compliant.

Create a Data Registry

You need to know what personal data you’re collecting, and why, to be compliant. Article 30 of GDPR requires most organizations to keep a record of processing activities containing the following information:

  • The name and contact details of your organization (the controller) and, where appointed, of your data protection officer
  • The purposes of processing (e.g. marketing)
  • The categories of data subjects and of personal data, distinguishing special-category data (e.g. health, biometric, or racial or ethnic origin data) from ordinary personal data such as a name or email address
  • The lawful basis for processing and, where that basis is consent, proof that consent was given
  • The recipients the data is shared with, and any transfers outside the EU
  • How long the data is retained, and the security measures protecting it

Be Transparent About Data Collection

There’s no sense in trying to hide your intentions. That comes off as dishonest to your customers and gets you in trouble with regulators.

Customers need to know when they’re sharing data with you, and what for – before you’ve begun collecting it.

For example, a checkbox allowing you to send promotional offers via email must do two things:

  • It must state that it is optional and describe what the customer is agreeing to, and
  • It must not be pre-checked (customers must actively opt in; Recital 32 of GDPR states that silence, inactivity and pre-ticked boxes do not constitute consent)

Appoint a Data Protection Officer

GDPR requires the appointment of a data protection officer (Article 37). Now, there’s one caveat: this applies to public authorities, and to organizations whose core activities involve regular and systematic monitoring of individuals on a large scale, or large-scale processing of special-category data.

GDPR itself gives no numeric threshold for “large scale”, though the EU data protection authorities’ guidance on DPOs lists factors to weigh: the number of individuals affected, the volume and range of data, the duration of processing, and its geographic extent. It’s best to err on the side of caution. A data protection officer does not, however, carry out erasure requests for you: securely deleting data you no longer need is a separate obligation, and a specialist data erasure provider such as Certus is one option for handling it.

Keep Your Privacy Policy Up-to-Date

Your privacy policy must be both up-to-date and easy to find on your website. The policy must contain clear information about who you are, what data you collect and on what lawful basis, how you store and use it, who you share it with, how long you keep it, and how users can exercise their rights.

That’s non-negotiable.

Avoid Unnecessary Fines

The European Union takes data protection seriously. And the penalties for non-compliance are steep. Follow what we’ve set out in this GDPR compliance checklist to stay above board.

If you found our article helpful, be sure to check out others in our business category.