Are you ready to get your GDPR homework done? Our GDPR checklist can help you secure your company and protect your customers' data.
✅ Find out what you need to get compliant.
✅ Limit your exposure to fines and penalties.
✅ Get advice on what you need to do next.
This checklist is not in any way legal advice. There are many provisions in the GDPR that apply only in rare cases. Please check with a lawyer to make sure your company fully complies with the GDPR.
Navigating through multiple templates, copy-pasting, and ambiguous guidelines can be overwhelming. ChecksME is here to help.
Our AI-powered platform guides you step-by-step through everything you need, from technical assessments, to legal questions, to policy creation — all in one place.
Ready to take control of your data protection strategy? Get started today and get data protection done - once and for all.
Know/define your GDPR role
If you are a controller, go to our GDPR compliance Controller Checklist
If you are a processor, go to our GDPR compliance Processor Checklist
Know your data
Record of Processing Activities (RoPA)
Do you need a RoPA?
Yes, if any of the following conditions applies to you:
Your company has more than 250 employees
Your processing activities might result in a risk to the rights and freedoms of data subjects
Your processing is done frequently
You process special categories of personal data
You process personal data related to offenses and criminal convictions
How to create and maintain your RoPA(s)
Check out our RoPA free template
Privacy Notice
What is a PN
How a PN should be done
Check out our Privacy Notice free template
Set your internal policies and procedures
Define the privacy roles and responsibilities in your organization
Data Protection Officer
Book a meeting with Chino to discuss our DPO as a Service offers
EU representatives
Book a meeting with Chino to discuss our DPO as a Service offers
Formally appoint System Administrators
Formally appoint a Security Officer
Appoint a specific person to maintain and update the Register of IT resources
Train your personnel
Agreements
Between data controllers
Data Processing Agreements (DPA)
Check out our free DPA template
Manage privacy risks
Risk Assessment (RA)
Data Protection Impact Assessment (DPIA)
Check out our DPIA template
3rd countries transfer
Data subject rights
Right to be informed
Have clear and adequate Privacy Notice(s)
Make sure processing is fair and transparent
Right of Access
Make sure you have mechanisms in place so that, upon request from the data subject, they are given access to and copies of their personal data, in a timely manner
Right to Rectification
Make sure you have mechanisms in place so that, upon request from the data subject, you are able to locate and correct/update the data as requested
Right to Erasure / to be Forgotten
Make sure you have mechanisms in place so that, upon request from the data subject, you are able to locate and erase the personal data as requested
Right to Restriction of Processing
Make sure you have mechanisms in place so that, upon request from the data subject, you are able to locate the personal data across all the systems (including systems of any processor or subprocessor) and restrict its processing effectively, adequately and appropriately
Right to Data Portability
Make sure you have mechanisms in place so that, upon request from the data subject, you are able to provide the data subject with their personal data in a structured and/or widely used machine-readable format
Right to Object
Make sure you have mechanisms in place so that, upon request from the data subject, you are able to locate the personal data across all the systems (including systems of any processor or subprocessor) and restrict its processing effectively, adequately and appropriately
Automated Individual Decision Making
Identify any case of decisions based solely on automated processing or profiling, which might have effects on or affect the data subject
Determine the legal basis for this type of processing and make sure to stop this processing where and when appropriate
Manage Consent
Is consent the legal basis for processing data?
Have a consent management system compliant with GDPR requirements
Check out our Consent management Solution
Manage Cookies
Choose the Cookies you want to use
Have a Cookie Policy
Have a Cookie management system
Technical Security controls
Implement appropriate technical measures to protect the data you manage
You can follow ENISA’s guidelines
ScribaCustodia
Book a meeting with Chino