A GDPR Checklist for Your Business

Sharing our insights into GDPR compliance

Becoming compliant with the GDPR takes a lot of time and effort. To help you out, we’ve created a checklist with the most essential steps.

  1. Get the full picture of impact: Arrange a meet-up with your technical, customer support, and legal colleagues and discuss what the GDPR means and how it impacts your organization from each side.
  2. Get a full picture of personal data processing in your company: Map data flows in your company—how it’s stored and processed by your systems. You need to answer these questions:
    • What categories of personal data do you process (financial information, biometrics, marketing-related information, etc.)?
    • What categories of users do you process data for (contributors, freelancers on your marketplace, drivers, etc.)?
    • What are the reasons for processing?
    • How and why do you collect this information?
    • How do you secure this data?
    • Is the data transferred to third parties? Do you know who those third parties are? How long do they store information about individuals?
  3. Find a legal basis for each mapped operation: Consider the six legal bases mentioned here. For every processing operation identified in your data map, you have to refer to a legal basis. That connection gives you the full legal basis for the mapping.
  4. Create tools that can help users exercise their rights:
    • You need to be sure you have the information to answer the access request from the user (from your data mapping).
    • Note in your data map where exactly you store personal data (in your system, with cross-references to other systems) so that you can comply with users' objection, rectification, and erasure requests.
    • Decide how you’re going to respond to data portability requests. For that, you need to know what data formats your systems use.
  5. Map your data breach and incident response: Make sure that you and your security/tech/legal/PR colleagues have an incident response plan.
  6. Run a few test incidents and get everyone involved.

There are way more elements that could be added to this checklist, and you need to work with your internal experts and external advisors to come up with a list customized for your needs. For example, you may need to design data protection impact assessments, appoint a data protection officer, manage and review marketing and other company communication practices, and revisit your vendor management and contracting processes.

Having a solid basis from mapping out your data processing activities gives you a big advantage for any subsequent GDPR compliance question you may encounter.

You will find below some additional resources that we rely on and find helpful, and we hope they will be useful for you too.

If you want to know more

Start with the source: The full legal text of the GDPR

The Data Protection Directive is described here.

There is a Data Protection Authority (DPA) in each EU member state. Some of them publish excellent guidelines on GDPR implementation. Check them here.

The European Data Protection Board also has very useful guidelines. You can find them here.

Get some rest while Sumsub takes care of your compliance obligations. Talk to our team today.
