Personal Data - Have you identified all the Personal Data you hold, in either paper or electronic form? Where is it? What is it? How was it collected? How is it secured? Who has access? Is it still needed? These are some of the questions you need answers to.
Staff Training - Have your staff been made aware of GDPR? Do they know how to handle data and what to do in different circumstances?
Understand Consent - Consent is one of the lawful bases for processing under the GDPR. Where you rely on it, the consent must be freely given, specific, informed and unambiguous (explicit where special category data is involved); it must be recorded, and it can be withdrawn as easily as it was given.
Subject Access Requests - Do you have a Subject Access Request procedure in place? Are you aware of your responsibilities in this area?
Prepared for a Breach - Have you got a Data Breach Notification plan in place? Do you know what you have to do if you lose data, including notifying the supervisory authority within 72 hours of becoming aware of a breach where it is likely to result in a risk to individuals?
Have your Policies and Procedures - Have you got all your policies and procedures in place to demonstrate your compliance, and are they known to all staff?
Data Security - Have you taken appropriate technical and organisational steps to ensure that Personal Data is secure?
Data Protection Officer - Does your organisation need one? Who is responsible for compliance?
Rights of the Data Subject - Do you fully understand the rights of the Data Subject under GDPR and are you prepared for them?
Contracts - Have you got the proper Data Controller - Data Processor contracts and agreements in place?