Your GDPR Checklist so far

 We have covered quite a lot in our GDPR series so far. You would be quite forgiven for feeling a little overwhelmed at everything which needs to be accomplished in order to be compliant with the legislation! In order to help you kick start the process and feel confident that you’re up to speed, we have broken down the required tasks into a series of simple steps:

visual separator

checkboxFigure out whether you’re a controller or a processor (perhaps you are both!)

checkboxOutline the personal data you process and/or control

checkboxList anyone who processes your customers’ data – ensure that they comply with GDPR

checkboxDo you need consent or can you rely on legitimate interest for processing that data?
! Remember that you need to ask this question for each separate process !

  • If you require consent, how will you acquire it in a compliant manner? E.g. tick box or another type of affirmative action
  • How will you record consent?
  • Create/refine your process for an individual to withdraw consent


checkboxDo you require all the data you collect? If not pare it back

checkboxHow long do you need to store data for? What do you do when that time expires? Write a document (known as a retention policy) outlining to your customers what you do – e.g. anonymise/delete their data etc.

  • Make a list of all the personal data types you store
  • Where do you hold this data?
  • Define the storage period for each
  • Implement your policy & add it to your privacy policy


checkboxIs your data stored securely? If not, put the means in motion to ensure your data is secure

checkboxCreate a privacy policy

  • Your business’s contact details
  • Reasons for collecting and using personal data
  • Any 3rd parties that you work with and what information you pass to them
  • Details of your retention periods
  • Your customers’ rights (including right to withdraw consent and right to lodge a complaint)


visual separator

PREVIOUS: Legitimate Interests under the GDPR

NEXT:  Child Interests under the GDPR


If you have any questions about the points I've raised, or want a more in-depth chat about all things GDPR, please get in touch via the form below.


Are you aware that Mercurytide also offer GDPR compliance training for your employees? 

TRY OUR FREE TRAINING DEMO


Enjoy what you're reading? Read one of our other articles on GDPR below.