GDPR COMPLIANCE
Checklist

Obtain board-level support and establish accountability
☐ 1. Advise the board about data protection risks and the benefits of GDPR compliance.
☐ 2. Obtain management support for your GDPR compliance project.
☐ 3. Assign accountability for GDPR compliance to a director.
• Get a clear understanding of the GDPR with this pocket guide >>

Scope and plan your GDPR compliance project
☐ 4. Appoint and train a project manager.
☐ 5. Appoint a data protection officer (DPO) if necessary.
☐ 6. Identify standards that could provide a framework to help you establish your compliance priorities, such as ISO 27001, ISO 27701 or BS 10012.
☐ 7. Assess whether data protection by design and by default has been incorporated into processes and systems.
☐ 8. Consider the implications of Brexit in your planning.
• Save time and money by outsourcing your DPO duties to our experts >>

Conduct a data inventory and data flow audit
☐ 9. Assess the categories of data you hold, where the data comes from and the lawful basis for processing.
☐ 10. Create a map that shows how data flows to, through and from your organisation.
☐ 11. Use the data map to identify the risks in your data processing activities and determine whether a data protection impact assessment (DPIA) is required.
☐ 12. Create records of personal data processing activities, as required by Article 30, drawn from the data flow audit and gap analysis.
• Gain visibility over the personal data you hold with the Data Flow Mapping Tool >>

Undertake a comprehensive risk assessment
☐ 13. Establish the risk assessment plan.
☐ 14. Identify your risks.
☐ 15. Analyse and evaluate your risks.
☐ 16. Determine ways to control your risks.
• Streamline the risk assessment process with vsRisk Cloud >>

Conduct a detailed gap analysis
☐ 17. Audit your current compliance position against the GDPR’s requirements.
☐ 18. Determine which compliance gaps require remediation.
• Quickly identify your GDPR compliance gaps with our gap assessment tool >>

Develop operational policies, procedures and processes
☐ 19. Ensure your data protection policies and privacy notices are in line with the GDPR.
☐ 20. Where you rely on consent as your lawful basis for processing, ensure it meets the GDPR’s requirements.
☐ 21. Review employee, customer and supplier contracts, and update them if necessary, to cover personal data processing.
☐ 22. Plan how to recognise and handle data subject access requests (DSARs) and provide responses within one calendar month.
☐ 23. Have a process in place for determining whether a DPIA is required.
© 2003-2019 IT Governance Ltd
☐ 24. Review whether your mechanisms for transferring data outside the EEA are compliant, especially after Brexit.
• Ensure DSARs are fulfilled correctly with DSAR as a Service >>

Secure personal data through procedural and technical measures
☐ 25. Have an information security policy in place.
☐ 26. Implement basic technical controls such as those specified by established frameworks like Cyber Essentials.
☐ 27. Use encryption and/or pseudonymisation where appropriate.
☐ 28. Ensure policies and procedures are in place to detect, report and investigate personal data breaches.
• Prevent 80% of cyber attacks with Cyber Essentials >>

Ensure teams are trained and competent
☐ 29. Ensure internal communications with stakeholders and staff are effective.
☐ 30. Train your employees to understand the importance of data protection, basic GDPR principles and the procedures you have implemented to ensure compliance.
• Boost staff GDPR awareness in less than an hour >>

Monitor and audit compliance
☐ 31. Schedule regular audits of data processing activities and security controls.
☐ 32. Keep records of personal data processing up to date.
☐ 33. Undertake DPIAs where required.
☐ 34. Assess data protection practices and manage some of the more demanding elements of GDPR compliance.
• Simplify your GDPR compliance with GDPR Manager >>

Achieve GDPR compliance with our all-in-one solutions
Whether you’re just getting started or are already on the way to compliance, our packages are a cost-effective solution that will help streamline your implementation project.
• Find out more >>