Your GDPR Checklist - Steps to Compliance under the EU law - Xivic Agency Insights

Understanding GDPR - A Compliance Checklist for the new EU law

Ali Zakeri

05/16/2018

Is your organization ready for GDPR? The new EU privacy law takes effect in less than 10 days, so let’s review how to prepare your business to be fully compliant. If you’re already familiar with GDPR, check out our GDPR Compliance Checklist to assess your organization’s readiness for the deadline on May 25, 2018.

What is the General Data Protection Regulation (GDPR)?

The European Union (EU) enacted GDPR to better protect the privacy of EU citizens by regulating how personal data can be collected, stored, and used by organizations. Many businesses around the world will be impacted by the new privacy protections because any company that collects data from EU citizens will need to comply with the new rules by May 25. The official EU regulation can be reviewed here.

What organizations will be affected by GDPR?

Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if they do not have a business presence within the EU. Specific criteria for companies required to comply are:

  • A presence in an EU country.
  • No presence in the EU, but it processes personal data of European residents.
  • More than 250 employees
  • Fewer than 250 employees but its data-processing could impact the rights of data subjects, or includes certain types of sensitive personal data. That effectively means almost all companies. A PwC survey showed that 92 percent of U.S. companies consider GDPR a top data protection priority.

Personal data processing that can put your organization at risk

If your organization conducts business online, many of the data tracking/collection methods can put you at risk. Examples include:

  • Google Analytics
  • Adobe Analytics
  • Google Adwords
  • Newsletter Mailing Lists
  • 3rd party website tracking tools

How does your organization ensure compliance?

Overall, your organization needs to develop processes to fulfil any requests from your users regarding their personal data. GDPR states that you must deliver a complete response to a request for personal data information within 30 days. A complete response includes:

  • What personal data is being recorded about the user
  • The data storage location
  • Why your organization recorded and used their personal data
  • The data retention period

If you collect and process a large amount of personal data, your organization may need to hire a Data Privacy Officer to ensure personal data is stored securely and in full compliance. Developing business processes and documentation to deal with a data security breach can also better prepare your organization for the worst-case scenario of a hack. Under GDPR, you will have less than 72 hours to report a breach, or you can face fines equal to 4% of your annual global revenue or €20 million.

At a minimum, if you process any personal data, you must have a Privacy Policy in place and update it to comply with GDPR. You must also update all internal procedure documentation and have a well-defined policy on the data retention periods for all personal data stored at your company.

GDPR Compliance Checklist

To assist you with GDPR compliance, we have published a GDPR Compliance Checklist. This checklist will help determine if your website will require updates to comply with the General Data Protection Regulation. Once reviewed, you can determine next steps on developing the business processes and documentation to make sure your organization is fully compliant with the new regulation.

Disclaimer: The goal of this article is to educate you on GDPR and help you build processes to ensure compliance; however, the final confirmation of GDPR compliance should come from your legal counsel. Your legal counsel should stand behind all legal decisions that are made as any violations could incur fines from the EU.
