The document provides a 10-step checklist for organizations to prepare for the General Data Protection Regulation (GDPR) compliance deadline of May 25th. The steps include: 1) analyzing data to understand what personal data is collected and where it is located; 2) evaluating privacy policies and completing an audit; 3) identifying data access rights policies; 4) reviewing processes for obtaining consent from data subjects; 5) implementing new practices for handling children's data; 6) procedures for detecting and reporting data breaches; 7) familiarizing with privacy impact assessments; 8) starting preparation early rather than waiting until the deadline; 9) using data discovery and management tools to identify personal data across systems; and 10) appointing a data protection officer

1. Analyse your data
Review the data you hold, which data is considered personal or sensitive data,
where that data is located, what you do with the data, who has access to the
data, etc. Build a data inventory with a single data management system to easily
understand your data estate.
3
4 Procedures and processes
Evaluate your current privacy policies and identify areas where these may need
to be updated. Complete a privacy audit with either internal resource or through
an external provider.
5 Data Access Rights
Identify your current policies for data access rights and document how changes
should be handled. Ensure that all data processing activities have a clear legal
basis for processing.
6 Data Subject Consent
Review current processes for seeking, obtaining and recording consent – ensure
that where appropriate you have consent from data subjects for processing
activities, and whether that consent is still valid under the GDPR.
7 Children’s Data
If applicable implement new practices for age verification and guardian consent
when processing Children’s data. Ensure that children’s data is processed with
the highest level of security in accordance with the GDPR.
8 Data breaches
Implement a procedure for your organisation to detect, investigate, handle and
report on data breaches. Conduct data breach tests internally to stress test
whether your procedures are adequate for GDPR.
9 Impact assessment
Familiarise yourself with the ICO’s Privacy Impact and Assessments and imple-
ment best practices within your organisation. Ensure that your GDPR policies are
enterprise-wide and take into account all business activities.
10 Be prepared
Preparation is key for GDPR, don’t wait until May 25th! Start planning and imple-
menting your strategy now.
Find out how our GDPR data discovery and management can identify personal
data and sensitive data across all systems including structured, semi-structured
and unstructured data sources. Establish a much-needed single view of your
data and apply metadata tagging capabilities to help you understand your data
inventory, automate your data retention processes and respond to data subject
access requests post May 25th.
Contact us today at gdpr@connexica.com
There are only 6 months to go until the May 25th GDPR
compliance deadline. To help you get the ball rolling we have
produced a quick start guide to get you to start thinking about
your GDPR strategy and what you need to do to ensure you are
ready prior to May 25th.
GDPR Checklist
1 Appoint a Data Protection Officer (DPO)
Determine whether your organisation requires a DPO. Even if you don’t need
one it’s a good idea to make one person/team responsible for data governance
to help ensure you stay ahead of any potential changes to your responsibilities.
2 Understand and inform
Ensure you and all members of your organisation understand the new rules and
regulations that fall under GDPR, and that everyone understands their roles and
responsibilities.