GDPR Compliance Checklist

To understand the GDPR checklist, it is also useful to know some of the terminology and the basic structure of the law. You can find this information on our What is GDPR? page. Please keep in mind that nothing on this page constitutes legal advice. We recommend you speak with an attorney specializing in GDPR compliance who can apply the law to your specific circumstances.

If your organisation is determining the purpose of the storage or processing of personal information, it is considered a controller. If your organisation stores or processes personal data on behalf of another organisation, it is considered a processor. It is possible for your organisation to have both roles. Use the filter below to view only the relevant checklist items for your organisation.

This list is far from an exhaustive legal document; it merely tries to help you overcome the struggle.

If you’ve dutifully worked to the bottom of the GDPR checklist, then you’ve significantly limited your exposure to regulatory penalties.

Finally, we want to remind you once more that this checklist is not in any way legal advice. There are dozens of provisions in the GDPR that apply only in rare instances, which would be counterproductive to cover here. You should check with a lawyer to make sure your organization fully complies with the GDPR.