Compliance Checklist
We've compiled a list of questions to help ensure compliance with the GDPR and DPA. The Information Commissioner's Office publishes an excellent Compliance Quiz with a traffic-light assessment of your compliance. Don't worry, they don't follow up directly if you fail to comply. We highly recommend you complete it when you feel ready!
In the meantime, we've covered the key questions below, with links to the advice given by the ICO and to our own resources where available.
Have you published an accessible (even a child could understand it!) Data Protection (Privacy) Policy?
See our advice on how to write an effective Privacy Policy.
Do you comply with all Data Protection Principles:
- Lawfulness, Fairness & Transparency
- Purpose Limitation (see also Fair Processing Notice)
- Data minimisation
- Accuracy
- Storage Limitation (Data Retention policy)
- Security
- Accountability
Within your Data Strategy, have you defined the processes to:
- comply with Subject rights within 21 days (including Subject Access Requests)?
- comply with your other policies (e.g. Data Retention)?
- report non-compliance to the ICO where required (e.g. a data breach within 72 hours)?
Do you conduct Privacy Impact Assessments for all data processing activities?
Where relying on Legitimate Interests as the grounds for processing, have you recorded a 3-part "Balance" Test?
Is Consent positively indicated, freely given, unambiguous & specific?