Compliance Checklist

Compliance Checklist

We've compiled a list of questions to ensure compliance with the GDPR and DPA. The Information Commissioner Office publishes an excellent Compliance Quiz with a traffic light assessment of your compliance. Don't worry they don't follow-up directly if you fail to comply. We highly recommend you complete this when you feel ready!

Meantime though, we've covered the key questions below with links to the advice given by the ICO and our own resources where available.

Have you appointed a Data Protection Officer if required?

Registered with the ICO & fee paid if required?

Do you comply with the Right to be Informed at the point of collection via a Fair Processing Notice

Have published an accessible (even a child could understand!) Data Protection (Privacy) Policy?

See our advice on how to right an effective Privacy Policy

Do you comply with all Data Protection Principles:

• Lawfulness, Fairness & Transparency
• Purpose Limitation (see also Fair Processing Notice)
• Data minimisation
• Accuracy
• Storage Limitation (Data Retention policy)
• Security
• Accountability

Do you practise "Privacy / Data Protection by design"?

Within your Data Strategy, have you defined the processes to:

• comply with Subject rights within 21 days (including Subject Access Requests)?
• respond to comply with other policies(e.g. Data Retention)
• respond to report non-complaince to ICO where required (e.g. data breach within 72 hours)?

Do you conduct Privacy Impact Assessments for all data processing activities?

Where relying on Legitimate Interests as the grounds for processing, have you recorded a 3-part "Balance" Test?

Is Consent positively indicated, freely given, unambiguous & specific?