BBR Creative’s GDPR Checklist

Is your business ready for GDPR? Use this simple checklist to see which areas of your marketing or operations may be affected.

Website

• Update your privacy policy. Learn more about why here.
• Adjust all forms on your website to include specific explicit opt-ins. This includes contact, quote request, demo request, etc.

Email Marketing/e-Newsletter

• Review all of your contact lists. Document where each list came from, how the contacts were acquired and whether or not you still have a valid reason to keep each list.
• Request consent when needed. You must do this in order to keep existing lists obtained without explicit consent, or where you don’t have documentation of consent.
• Stop buying and sending to purchased lists. Delete all old purchased lists.
• Review all of your email sign-up and contact forms. Make sure opt-in checkboxes are not pre-checked and information usage is clearly disclosed.
• Offer clear ways of unsubscribing. Ensure your recipients are aware they have the power to easily remove themselves from your list.
• Don’t automatically add people to subscriber lists. Allow each new subscriber to willingly and explicitly opt in to your mailing list.

General Business

• Assess your third-party exposure. Check with vendors on their compliance.
• Train your team. Educate current and new team members on their responsibilities for data security.
• Audit user data. Check for EU user data first, and keep it separate if possible.
• Document your progress. Create a record of all your GDPR compliance efforts.
• Create a password policy. This policy should be applied to all users (staff, website, etc.).
• Develop a plan in case of breach. Notify customers/the public, and document steps taken to recover assets and protect non-breached data.

Download a printable version of this checklist here: GDPR Checklist