GDPR Readiness Checklist
The EU’s General Data Protection Regulation (GDPR) went
into effect in May.
Use this GDPR Readiness Checklist to make sure you’re
compliant.
Identify All Data Types You
Collect from Your Site Users
Your Privacy Policy must identify all of the types of data you
are collecting from your website visitors.
This includes personal data that is collected both directly and
indirectly.
The GDPR defines personal data this way:
Identify All Methods of Data
Collecting and Processing
You must disclose your methods for collecting, storing,
managing and sharing personal data through your site or app.
The GDPR refers to this as “processing.”
Depending on whether you own/operate a website or
blog, mobile app, ecommerce store, or SaaS platform,
your processing methods might be different.
Websites and Blogs
Most websites and blogs collect data through one or all of the
following:
Site registration forms
Contact Us forms
Live chat tools
Content upgrade requests
Social media login integration
User preferences settings
Mobile Apps
Mobile apps also use direct collection methods to acquire personal
information about users, such as:
Registration information
In-app payment information
Community chat forum details
Online identifiers and other data
Ecommerce Stores
Ecommerce stores collect personal information directly and
indirectly with tools such as:
“Sign-up for a discount” campaigns
Billing and shipping data required for checkout
Product preference data
Site registration
Cookies
Google Analytics
SaaS Apps
SaaS apps have special considerations for complying with the
GDPR because of consumer advocacy concerns.
“27% of consumers are willing to give up their personal data
in exchange for a better or more personalized browsing
experience.”
- EMC Privacy Index (1)
(1) Link to: https://www.emc.com/campaign/privacy-index/global.htm
Consumer Privacy Rights
Your customers’ legal ability to understand their privacy rights
and risks is central to the GDPR.
Your site visitors must be able to easily:
Find, access and understand your Privacy Policy
Request a copy of all information you have about them
Instruct you to transfer their information to another controller
Instruct you to cease collecting or processing their information
Instruct you to delete their information
Expect you to automatically delete their information you are no longer using
Expect you to transfer data outside of the EU only to entities with similar or stronger privacy protections
Special Considerations for
Minors
The GDPR imposes special considerations for minors, which
the regulation defines as a child aged 16 or younger.
You must:
Acquire informed consent of a parent or guardian before processing any personal information of a minor
Fully inform guardians of how personal data is collected and processed for minors
Provide a simple way for minors and their guardians to access that data, require its deletion or instruct you to transfer it to another entity
Not collect any personal information from minors that is not necessary to perform your business
Hire a Qualified Data Protection
Officer (if applicable)
You are required to appoint a DPO if you are:
A public authority
An organization engaging in large-scale monitoring of personal data of EU residents
An organization engaging in large-scale processing of personal data of EU residents
This clause defines the required duties of the DPO:
By following this checklist and recommendations,
you will be ready to formalize your procedures into
a compliant Privacy Policy that meets or exceeds
the requirements of the GDPR.