Implementing the GDPR – your checklist
Use the time until the GDPR takes effect as effectively as possible and write a checklist enumerating all the steps your company has to take in order to comply with the GDPR. The following list could serve as an example of such a checklist (please note that this list is only an example and has to be adapted to your company’s respective needs):
- Definition, clarification and assignment of responsibilities: Who in which department is responsible for implementing the GDPR?
- Comprehensively inform decision makers in your company about the requirements of the GDPR and sanctions resulting from breaches.
- Inform the respective employees about their duties under the GDPR and the Austrian Data Protection Act 2018 (e.g. the duty to notify data breaches to the supervisory authority within 72 hours).
- Review and assess the IT structure and, if necessary, enhance the security levels.
- Identify personal data through data mapping: Which personal data are used by whom? Where is the data stored?
- Data security measures: assess whether your company has implemented appropriate technical and organizational measures, such as encryption and pseudonymization processes, and, if necessary, implement these measures.
- Draft a record of processing activities.
- Take the necessary data protection measures and document their implementation in the record of processing activities.
- Check existing contracts for compliance with the Austrian Data Protection Act 2018 and the GDPR and revise them, if necessary.
- Assess the costs that could be imposed in the event of sanctions due to non-compliance.
- Contact the Data Protection Authority, if necessary.