Is your business ready for GDPR? Use this simple checklist to see which areas of your marketing or operations may be affected.
Website
- Update your privacy policy. It should state what personal data you collect, why, on what legal basis, how long you keep it and who you share it with. Learn more about why here.
- Adjust all forms on your website to include specific, explicit opt-ins. This includes contact, quote request, demo request, etc. Consent to marketing must be a separate, unticked checkbox, not bundled into the form submission itself.
Email Marketing/e-Newsletter
- Review all of your contact lists. Document where each list came from, how the contacts were acquired (including when and through which form) and whether or not you still have a valid reason to keep each list.
- Request consent when needed. You must do this in order to keep existing lists obtained without explicit consent, or where you don't have documentation of consent. Contacts who do not respond should be removed, not kept by default.
- Stop buying and sending to purchased lists. Delete all old purchased lists.
- Review all of your email sign-up and contact forms. Make sure opt-in checkboxes are not pre-checked and that how the information will be used is clearly disclosed at the point of collection.
- Offer clear ways of unsubscribing. Ensure your recipients are aware they have the power to easily remove themselves from your list, and honour those requests promptly.
- Don't automatically add people to subscriber lists. Allow each new subscriber to willingly and explicitly opt in to your mailing list, and record when and how they did so.
General Business
- Assess your third-party exposure. Check with vendors on their compliance, and make sure any vendor that processes personal data on your behalf (email platform, CRM, hosting) is covered by a data processing agreement.
- Train your team. Educate current and new team members on their responsibilities for data security and for handling requests from individuals about their data.
- Audit user data. Check for EU user data first, and keep it separate if possible. Know where it is stored and who has access to it.
- Document your progress. Create a record of all your GDPR compliance efforts, including a record of what personal data you process and why.
- Create a password policy. This policy should be applied to all users (staff, website, etc.) and to every system that holds customer data.
- Develop a plan in case of breach. Under GDPR the supervisory authority must generally be notified within 72 hours of becoming aware of a breach, and affected individuals must be told where the breach puts them at high risk. Plan how you will notify customers/the public, and document steps taken to recover assets and protect non-breached data.
Download a printable version of this checklist here: GDPR Checklist