BBR Creative’s GDPR Checklist

Is your business ready for GDPR? Use this simple checklist to see which areas of your marketing or operations may be affected.


  • Update your privacy policy. Learn more about why here.
  • Adjust all forms on your website to include specific explicit opt-ins. This includes contact, quote request, demo request, etc.

Email Marketing/e-Newsletter

  • Review all of your contact lists. Document where each list came from, how the contacts were acquired and whether or not you still have a valid reason to keep each list.
  • Request consent when needed. You must do this in order to keep existing lists obtained without explicit consent, or where you don’t have documentation of consent.
  • Stop buying and sending to purchased lists. Delete all old purchased lists.
  • Review all of your email sign-up and contact forms. Make sure opt-in checkboxes are not pre-checked and information usage is clearly disclosed.
  • Offer clear ways of unsubscribing. Ensure your recipients are aware they have the power to easily remove themselves from your list.
  • Don’t automatically add people to subscriber lists. Allow each new subscriber to willingly and explicitly opt in to your mailing list.

General Business

  • Assess your third-party exposure. Check with vendors on their compliance.
  • Train your team. Educate current and new team members on their responsibilities for data security.
  • Audit user data. Check for EU user data first, and keep it separate if possible.
  • Document your progress. Create a record of all your GDPR compliance efforts.
  • Create a password policy. This policy should be applied to all users (staff, website, etc.).
  • Develop a plan in case of breach. Notify customers/the public, and document steps taken to recover assets and protect non-breached data.

Download a printable version of this checklist here: GDPR Checklist