
GDPR COMPLIANCE

Checklist

Obtain board-level support and establish accountability


☐ 1. Advise the board about data protection risks and the benefits of GDPR compliance.
☐ 2. Obtain management support for your GDPR compliance project.
☐ 3. Assign accountability for GDPR compliance to a director.

• Get a clear understanding of the GDPR with this pocket guide >>

Scope and plan your GDPR compliance project


☐ 4. Appoint and train a project manager.
☐ 5. Appoint a data protection officer (DPO) if necessary.
☐ 6. Identify standards that could provide a framework to help you establish your compliance priorities, such as ISO 27001, ISO 27701 or BS 10012.
☐ 7. Assess whether data protection by design and by default has been incorporated into processes and systems.
☐ 8. Consider the implications of Brexit in your planning.

• Save time and money by outsourcing your DPO duties to our experts >>

Conduct a data inventory and data flow audit


☐ 9. Assess the categories of data you hold, where the data comes from and the lawful basis for processing.
☐ 10. Create a map that shows how data flows to, through and from your organisation.
☐ 11. Use the data map to identify the risks in your data processing activities and determine whether a data protection impact assessment (DPIA) is required.

☐ 12. Create records of personal data processing activities, as required by Article 30, drawn from the data flow audit and gap analysis.

• Gain visibility over the personal data you hold with the Data Flow Mapping Tool >>

Undertake a comprehensive risk assessment


☐ 13. Establish the risk assessment plan.
☐ 14. Identify your risks.
☐ 15. Analyse and evaluate your risks.
☐ 16. Determine ways to control your risks.

• Streamline the risk assessment process with vsRisk Cloud >>

Conduct a detailed gap analysis


☐ 17. Audit your current compliance position against the GDPR’s requirements.
☐ 18. Determine which compliance gaps require remediation.

• Quickly identify your GDPR compliance gaps with our gap assessment tool >>

Develop operational policies, procedures and processes


☐ 19. Ensure your data protection policies and privacy notices are in line with the GDPR.
☐ 20. Where you rely on consent as your lawful basis for processing, ensure it meets the GDPR’s requirements.
☐ 21. Review employee, customer and supplier contracts, and update them if necessary, to cover personal data processing.
☐ 22. Plan how to recognise and handle data subject access requests (DSARs) and provide responses within one calendar month.
☐ 23. Have a process in place for determining whether a DPIA is required.

© 2003-2019 IT Governance Ltd 2

☐ 24. Review whether your mechanisms for transferring data outside the EEA are compliant, especially after Brexit.

• Ensure DSARs are fulfilled correctly with DSAR as a Service >>

Secure personal data through procedural and technical measures


☐ 25. Have an information security policy in place.
☐ 26. Implement basic technical controls such as those specified by established frameworks like Cyber Essentials.
☐ 27. Use encryption and/or pseudonymisation where appropriate.
☐ 28. Ensure policies and procedures are in place to detect, report and investigate personal data breaches.

• Prevent 80% of cyber attacks with Cyber Essentials >>

Ensure teams are trained and competent


☐ 29. Ensure internal communications with stakeholders and staff are effective.
☐ 30. Train your employees to understand the importance of data protection, basic GDPR principles and the procedures you have implemented to ensure compliance.

• Boost staff GDPR awareness in less than an hour >>

Monitor and audit compliance


☐ 31. Schedule regular audits of data processing activities and security controls.
☐ 32. Keep records of personal data processing up to date.
☐ 33. Undertake DPIAs where required.
☐ 34. Assess data protection practices and manage some of the more demanding elements of GDPR compliance.

• Simplify your GDPR compliance with GDPR Manager >>

Achieve GDPR compliance with our all-in-one solutions


Whether you’re just getting started or are already on the way to compliance, our packages are a cost-effective solution that will help streamline your implementation project.
Find out more >>
