The GDPR requirements and deadlines have been a subject of heated discussion since their introduction in 2016. We have prepared a GDPR compliance checklist to make your GDPR preparation journey fast and smooth.

As GDPR enforcement is only weeks away, European businesses and organisations that deal with personal data covered by the GDPR should work hard to ensure appropriate processes are in place to avoid unprecedented fines. For those still struggling with the challenges of compliance, here is a GDPR compliance checklist to make your life easier. These five steps include some of the UK Data Protection Authority’s (ICO’s) guidance, as well as recommendations based on our experience, both at ELEKS and with our clients.

1. Data Inventory

As a starting point, you will need to take stock of the data you already hold, from location and lifecycles to current compliance status. Once the inventory is specified, you should move on to scoping, which involves clarifying:

- Which entities are involved in your processing activities (both internally and externally)?
- Which projects (internal or external) include personal data?
- What standards and frameworks (organisational and security) exist within your company?

When you start to feel like there’s no end in sight to this process, you should move on to analysing the data itself. There’s no need to get too deep into this just yet; at this point, categorising the information by project should be enough.

Two essential factors to consider are where you got the data (its source) and what your legal basis is for holding and processing it. If data has been obtained or kept without solid legal grounds, you should consult a privacy professional as soon as possible to find a remedy.

In general, to perform a data inventory, you need to take the following steps: