12-Point Checklist to Help Prepare your Business for GDPR

Summary: GDPR stands for General Data Protection Regulation and it represents changes introduced by the European Union to their data privacy laws. If you don't properly address or prepare for it, you can face

For me, digital marketing was always the fun side of the business: the opportunity to express our brand creatively, meet new people, and solicit feedback. The colours, the layouts, the strategies. These are all exciting to me.

Equally fun for me are the technical and legal disciplines. Great digital marketing agencies are well versed in many disciplines. These should include technical disciplines such as hosting, performance, and security, and legal disciplines such as CASL compliance, WCAG, local privacy laws, and so much more. One compliance term that is becoming common in the marketing community is GDPR, and it can impact your business.

What is the GDPR?

GDPR stands for General Data Protection Regulation and it represents changes introduced by the European Union to their data privacy laws. The regulation went into effect in 2018, and addresses concerns around data storage, accuracy, accountability, purpose and even storage limitations. GDPR also mandates organization compliance, procedures and self-checks. To summarize, GDPR is about ensuring that you are accountable for the data people are entrusting to you and your business.

My business is in Canada, does the GDPR apply to businesses in Canada?

GDPR will impact companies here in Canada as well. If you are a Canadian business and you offer goods or services to EU residents, monitor the behaviour of EU residents within the EU (this could include internet analytics for behavioural advertising), or conduct business or market goods and services with, in, or to EU residents, then yes, this applies to you, and you need to read further.

Isn’t GDPR something my IT department will manage?

GDPR impacts the entire company. If you don’t properly address or prepare for it, you can face serious fines, business interruptions, or losses.

Important Disclaimer: We highly recommend working with a professional who is experienced in compliance matters to review your current process. Proper implementation can be complex and challenging and may require help from multiple subject matter experts, such as IT, Legal, Operations, HR and more. If you are concerned, please feel free to contact us and we’ll see what we can do about filling the gaps in your organization.

Here is your 12-Point Checklist to Help Prepare your Business for GDPR

1. Raise Awareness

Ensure all members of your organization are aware of the new laws under GDPR and understand the impact.

2. Conduct Information Audit

Organise an information audit to document what personal data is held within your systems and files, where it is coming from and who you share it with.

3. Communicate Privacy Policy

Review your current privacy policy for any gaps and ensure it is easily accessible on all web properties.

4. Outline Individual’s Rights

Check your procedures to ensure they protect all individual rights, including deleting data when requested.

5. Plan for Subject Access Requests

Complete an action plan for handling requests within the new timescales (30 days).

6. Conduct Data Processing Audit

Document a data processing audit, outlining the different types of data processing your organization performs and the legal basis for performing them.

7. Review Consent Procedures

Review how you are seeking, obtaining and recording consent, and whether changes are needed.

8. Safeguard Children’s Data

Consider whether you need a process to verify individuals’ ages or to obtain parental consent for children 16 years or younger.

9. Establish Data Breach Procedures

Ensure you have proper procedures in place to detect, report and investigate a data breach.

10. Adopt a Privacy by Design Approach

Familiarise yourself with how and when to implement Privacy Impact Assessments.

11. Designate a Data Protection Officer

Determine who in the organization will take responsibility for data protection compliance.

12. Determine International Data Authority

If your organization operates internationally, determine which data protection authority you come under.
