The GDPR Compliance Checklist

In recent months, the GDPR subject has exploded, especially because the “deadline” for compliance is around the corner. There is no point in describing what this regulation means or how it will impact companies and institutions, since many articles have already covered that. What we want to share in this article is a short checklist that might help you check whether you’ve covered everything you’re required to.

Of course, we need to publish a disclaimer: the information presented in this article is not the same as legal advice, where an attorney applies the law to your specific circumstances. We insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy.

Due to its presentation and separation of concerns (lists that apply only to the Data Controller, only to Data Processors, or to both), this GDPR Compliance Checklist from is one of our favorite tools around. If you have already started the data protection process, this list will make it easy for you not to miss an important new right. Of course, if your company has appointed a Data Protection Officer (DPO), then that person will be responsible for compliance (as that person will have knowledge of GDPR guidelines as well as of the internal processes that involve personal information). But if your company is small or mid-size, you will surely benefit from browsing the list, in order, and getting hints as to which GDPR Articles each process refers to.

One very important thing to consider: most businesses have websites. Some are just presentation websites, while some are ecommerce platforms. Make sure your software developer knows about GDPR and has taken (technical) actions to follow the Regulation. If you’re using an open source Content Management System like WordPress, then you already have some nice plugins to cover part of the GDPR topic (at least until the newer version of WordPress is released). But if your online business is based on a custom ecommerce application, for example, you will most likely need the help of a professional who knows what cookies, data flow and encryption mean.

Have you managed to set up all your data protection processes? Do you have any other suggestions or recommendations? Please use the comment form below to share your thoughts.
