Step 1: GDPR Compliance Checklist


1. Consent Management

1.1. Record

1.1.1. Maintain a record of consent with each data set

1.2. Explain

1.2.1. Clearly explain what the subject is consenting to. (Legal)

1.3. Website cookies

1.3.1. Create clear and flexible cookie options (WATS/Marketing)

1.3.2. Clearly outline what each cookie is used for and what it means to opt out of cookie usage and how website experience may be affected. (WATS/Marketing)

2. Internal privacy representatives

2.1. Data Privacy Officer

2.1.1. Do we need one to be compliant?

2.2. Leadership

2.2.1. Employee

2.2.2. Employee

2.3. HR

2.3.1. Employee

2.3.2. Employee

2.4. Marketing

2.4.1. Chris LaPage

2.5. WATS

2.5.1. Employee

2.5.2. Employee

2.6. International Programs

2.6.1. Employee

2.6.2. Employee

2.7. Student Services

2.7.1. Employee

2.7.2. Employee

2.8. Research Team

2.8.1. Employee

2.8.2. Employee

2.9. Legal

2.9.1. Employee

3. Data Classification and Access

3.1. Sensitive Personal Information

3.1.1. Who has access?

3.1.2. Where is it stored and for how long?

3.1.3. What data is stored exactly?

3.1.4. What is this data used for exactly?

3.1.5. Provide a list of data processors and proof of GDPR compliance.

3.2. Personal Information

3.2.1. Who has access?

3.2.2. Where is it stored and for how long?

3.2.3. What data is stored exactly?

3.2.4. What is this data used for exactly?

3.2.5. Provide a list of data processors and proof of GDPR compliance.

3.3. Marketing and behavior data

3.3.1. Who has access?

3.3.2. Where is it stored and for how long?

3.3.3. What data is stored exactly?

3.3.4. What is this data used for exactly?

3.3.5. Provide a list of data processors and proof of GDPR compliance.

4. Data Protection

4.1. Outline Security Measures

4.1.1. EX. SSL (WATS/CS)

4.1.2. EX. Multi-factor authentication (WATS/CS)

4.2. Breach Notifications

4.2.1. Clearly defined incident response plan. (who?)

4.2.2. How will we detect and notify of data breaches within 72 hours? (WATS/CS/Marketing)

4.3. Privacy Notices

4.3.1. Website Privacy Policy Updates (Legal)

4.4. Data Rights

4.4.1. Subject rights requests workflow (ALL)