BBR Creative’s GDPR Checklist


Is your business ready for GDPR? Use this simple checklist to see which areas of your marketing or operations may be affected.


  • Update your privacy policy. Learn more about why here.
  • Adjust all forms on your website to include specific explicit opt-ins. This includes contact, quote request, demo request, etc.

Email Marketing/e-Newsletter

  • Review all of your contact lists. Document where each list came from, how the contacts were acquired and whether or not you still have a valid reason to keep each list.
  • Request consent when needed. You must do this in order to keep existing lists obtained without explicit consent, or where you don’t have documentation of consent.
  • Stop buying and sending to purchased lists. Delete all old purchased lists.
  • Review all of your email sign-up and contact forms. Make sure opt-in checkboxes are not pre-checked and information usage is clearly disclosed.
  • Offer clear ways of unsubscribing. Ensure your recipients are aware they have the power to easily remove themselves from your list.
  • Don’t automatically add people to subscriber lists. Allow each new subscriber to willingly and explicitly opt in to your mailing list.

General Business

  • Assess your third-party exposure. Check with vendors on their compliance.
  • Train your team. Educate current and new team members on their responsibilities for data security.
  • Audit user data. Check for EU user data first, and keep it separate if possible.
  • Document your progress. Create a record of all your GDPR compliance efforts.
  • Create a password policy. This policy should be applied to all users (staff, website, etc.).
  • Develop a plan in case of breach. Notify customers/the public, and document steps taken to recover assets and protect non-breached data.

Download a printable version of this checklist here: GDPR Checklist