Getting ready to get GDPR-compliant is a serious undertaking.
Our checklist can help you stay on track with things like identifying your data processing methods, determining if you need to hire a DPO and updating or creating a Privacy Policy.
Read the full article here: https://privacypolicies.com/blog/gdpr-readiness-checklist/
The EU's General Data Protection Regulation (GDPR) went into effect in May.
Use this GDPR Readiness Checklist to make sure you're compliant.
Identify All Data Types You Collect from Your Site Users
Your Privacy Policy must identify all of the types of data you are collecting from your website visitors.
This includes personal data that is collected both directly and indirectly.
Identify All Methods of Data Collecting and Processing
You must disclose your methods for collecting, storing, managing and sharing personal data through your site or app.
Depending on whether you own/operate a website or blog, mobile app, ecommerce store, or SaaS platform, your processing methods might be different.
Websites and Blogs
Most websites and blogs collect data through one or all of the following:
Site registration forms
Contact Us forms
Live chat tools
Content upgrade requests
Social media login integration
User preferences settings
Mobile Apps
Mobile apps also use direct collection methods to acquire personal information about users, such as:
Registration information
In-app payment information
Community chat forum details
Online identifiers and other data
Ecommerce Stores
Ecommerce stores collect personal information directly and indirectly with tools such as:
“Sign-up for a discount” campaigns
Billing and shipping data required for checkout
Product preference data
Site registration
Cookies
Google Analytics
SaaS Apps
SaaS apps have special considerations for complying with the GDPR because of consumer advocacy concerns.
"27% of consumers are willing to give up their personal data in exchange for a better or more personalized browsing experience."
- EMC Privacy Index, https://www.emc.com/campaign/privacy-index/global.htm
Consumer Privacy Rights
Your customers' legal ability to understand their privacy rights and risks is central to the GDPR.
Your site visitors must be able to easily:
Find, access and understand your Privacy Policy
Request a copy of all information you have about them
Instruct you to transfer their information to another controller
Instruct you to cease collecting or processing their information
Instruct you to delete their information
Expect you to automatically delete their information you are no longer using
Expect you to transfer data outside of the EU only to entities with similar or stronger privacy protections
You must:
Acquire informed consent of a parent or guardian before processing any personal information of a minor
Fully inform guardians of how personal data is collected and processed for minors
Provide a simple way for minors and their guardians to access that data, require its deletion or instruct you to transfer it to another entity
Not collect any personal information from minors that is not necessary to perform your business
Hire a Qualified Data Protection Officer (if applicable)
You are required to appoint a DPO if you are:
A public authority
An organization engaging in large-scale monitoring of personal data of EU residents
An organization engaging in large-scale processing of personal data of EU residents
By following this checklist and recommendations, you will be ready to formalize your procedures into a compliant Privacy Policy that meets or exceeds the requirements of the GDPR.