gdpr email compliance checklist

GDPR Compliance Checklist for Indian Companies. The GDPR requires organizations to carry out this kind of analysis whenever they plan to use people's data in such a way that it's "likely to result in a high risk to [their] rights and freedoms." Make sure you can verify the identity of the person requesting the data. Our GDPR preparations have included a comprehensive review of relevant internal processes, procedures and documentation. In the near future, the rest of the world may soon adopt similar legislation in light of the recent investigation into Cambridge Analytica and Facebook. The 16 point checklist provides a detailed overview of your responsibilities and duties with regards to customer data. Privacy Policy. Some organizations, like public bodies, are not required to appoint a representative in the EU. The policy exerts a substantial impact on a number of companies – especially the ones operating in Europe. Instantly Download GDPR Compliance Checklist Template, Sample & Example in Microsoft Word (DOC), Google Docs, Apple (MAC) Pages, Format. The law also includes the threat of large fines for non-compliance, which can reach 4% of global revenue or €20 million, depending on the severity and circumstances of … They also have a right to know how long you plan to store their information and the reason for keeping it that length of time. There is much buzz in the email marketing world right now on just how nervous we should be—with some publications predicting the end of email marketing as we know it, and others nearly shrugging off the law because of a phrase called “legitimate interest.”. Otherwise, you may be able to challenge their objection if you can demonstrate "compelling legitimate grounds.". Until this requirement is interpreted, it may be prudent to designate a representative in a member state that uses your language. Maintaining records of how and why personal data was collected as well as the documentation of the processes are therefore vital. This brief guide to GDPR email compliance focuses on emails in particular because it is the most frequently-used channel through which data enters a business, is shared and stored. Most of the productivity tools used by businesses are now available with end-to-end encryption built in, including email, messaging, notes, and cloud storage. Final thoughts and tips; First, avoid these GDPR mistakes We recommend you speak with an attorney specialized in GDPR compliance who can apply the law to your specific circumstances. or just starting your journey, we’ve put together a GDPR Compliance checklist xls document to help you. It's easy for your customers to request and receive all the information you have about them. In your list, you should include: the purposes of the processing, what kind of data you process, who has access to it in your organization, any third parties (and where they are located) that have access, what you're doing to protect the data (e.g. It's easy for your customers to receive a copy of their personal data in a format that can be easily transferred to another company. Feb 2019 Create a security policy that ensures your team members are knowledgeable about data security. Another part of "data protection by design and by default" is making sure someone in your organization is accountable for GDPR compliance. The re-permission campaign should establish GDPR-compliant consent; otherwise, that user should be unsubscribed. It is by no means to be perceived as legal advice. The checklist below also provides key questions for organizations to confirm compliance. 4 min It's easy for your customers to ask you to stop processing their data. Have a legal justification for your data processing activities. Taking into account the state of the art, … Let’s talk about Legitimate Interest first. Here is an overview of GDPR and a checklist for becoming GDPR compliant. encryption), and when you plan to erase it (if possible). Your small business GDPR checklist should consider past and present employees, suppliers, and customers. You must notify the data subject before you begin processing their data again. Finally, we want to remind you once more that this checklist is not in any way legal advice. Notices and Consent. Since every business is different and the GDPR takes a risk-based approach to data protection, companies should work to assess their own data collection and storage practices (including the ways they use HubSpot’s marketing and sales tools), seek their own legal advice to ensure that their business practices comply with the GDPR. Quickly Customize. This is not an official EU Commission or Government resource. right to see what personal data you have about them. We recommend checking out additional sources that have been covering the GDPR. The UK Information Commissioner's Office (ICO) has a data protection impact assessment checklist on its website. Data Processing Agreement Have a process in place to notify the authorities and your data subjects in the event of a data breach. This includes any third-party services that handle the personal data of your data subjects, including analytics software, email services, cloud servers, etc. A list of many of the EU member states supervisory authorities can be found here. You are required to honor their request within about a month. Study GDPR Requirements: Small business owners should study the General Data Protection Regulation and become familiar with the allowable processes to ensure that they are adhering with all GDPR requirements. The ICO recommends just doing it anytime you're about to process personal data. Article 6 of GDPR outlines six possible reasons that constitute lawfulness of processing personal data. You should explain how the data is processed, who has access to it, and how you're keeping it safe. It’s important to note that the policies above apply to email addresses collected both before and after May 25th, 2018—which means if you have subscribers residing in the EU and any of those emails were collected in a manner not compliant with GDPR, you should seriously consider running a re-permission campaign. It’s also important to periodically audit your organization’s email lists to ensure there is no non-compliant data. Are you ready for the GDPR? Free GDPR Newsletter. So here’s what you need to know. Do your best to keep data up to date by putting a data quality process in place, and make it easy for your customers to view (Article 15) and update their personal information for accuracy and completeness. It must be presented "in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child.". GDPR.eu is co-funded by the Horizon 2020 Framework Programme of the European Union and operated by Proton Technologies AG. In short, GDPR requires an extra level of accountability and places the responsibility firmly with the publisher to be able to demonstrate how compliance with GDPR principles is being managed and tracked. Weekly HIPAA news via email. It's easy for your customers to correct or update inaccurate or incomplete information. We’re here to say: don’t panic, but be prepared. Corporate Governance It also includes guidance on how to update your privacy and cookie policies when using Albacross. You must follow the principles of "data protection by design and by default," including implementing "appropriate technical and organizational measures" to protect data. This information should be included in your privacy policy and provided to data subjects at the time you collect their data. The europa.eu webpage concerning GDPR can be found here. © 2020 Proton Technologies AG. If your business is located in the EU, if you conduct business within the EU, or if you cater to an EU audience, you need to ensure compliance and GDPR consent for email marketing. There are three circumstances in which organizations are required to have a Data Protection Officer (DPO), but it's not a bad idea to have one even if the rule doesn't apply to you. If you're processing their data for the purposes of direct marketing, you have to stop processing it immediately for that purpose. GDPR compliance checklist for app development The European Union’s General Data Protection Regulation (GDPR) has been in force since May 25, 2018. In other words, data protection is something you now have to consider whenever you do anything with other people's personal data. If you've dutifully worked to the bottom of the GDPR checklist then you've significantly limited your exposure to regulatory penalties. GDPR compliance checklist. Additionally, we have and continue to actively develop and implement data protection policies, procedures, controls and security measures for GDPR compliance. This protects all EU citizens regardless of where the company is based. You should be able to comply with such requests within a month. CRM & Email Marketing, Mar 2019 , GDPR This is a simple GDPR compliance checklist for controllers that you can use to ensure you have considered most important aspects of the GDPR. The GDPR requires organizations to use encryption or pseudeonymization whenever feasible. You should be able to comply with requests under Article 16 within a month. Know when to conduct a data protection impact assessment, and have a process in place to carry it out. The point is that it needs to be something you and your employees are always aware of. For those in English-speaking non-EU countries, you may find it easiest to notify the Office of the Data Protection Commissioner in Ireland. 6 min If you make decisions about people based on automated processes, you have a procedure to protect their rights. The final decision should be a conversation between your organization and its legal team. The key considerations should always be transparency and privacy. Please keep in mind that nothing on this page constitutes legal advice. People have the right to see what personal data you have about them and how you're using it. Small Business GDPR Checklist There are a number of steps that are very important for small business owners to follow if they wish to avoid breaching GDPR. More to read on this topic: Records of processing activities in GDPR Article 30. Checklist 2: Assess your preparedness for the GDPR compliance. Some types of organizations use automated processes to help them make decisions about people that have legal or "similarly significant" effects. 3 min Neither reaction is probably appropriate. In your list, you should include: the purposes of the processing, what kind of data you process, who has access to it in your organization, any third parties … communicate data breaches to your data subjects. General Requirements of GDPR The usual requirements of the EU General Data Protection Regulation remain the same regardless of the situation. Digital Marketing. It's easy for your customers to object to you processing their data. You should check with a lawyer to make sure your organization fully complies with the GDPR. A cloud compliance checklist for the GDPR age The cloud is supposed to make things simpler, but when it comes to compliance, things can get complex. If you have any email subscribers who are EU citizens, it seems that you need to send them an email before May 25 asking them if they’d like to stay on your email list. There is more detail behind each issue noted below. The two data collection and processing policies of GDPR that email marketers are talking most about are (1) Consent and (2) Legitimate Interest. COVID-19 Remote Working – GDPR Data Security Checklist Here is a checklist for data processors to maintain their compliance with General Data Protection Regulation, and prevent from getting fines by GDPR. Thanks for signing up to be a Wpromote Insider. Learn … ... email address, IP-address or location data. Right to Erasure Request Form The best way to demonstrate GDPR compliance is using a data protection impact assessment Organizations with fewer than 250 employees should also conduct an assessment because it will make complying with the GDPR's other requirements easier. In the wake of the GDPR, many email marketing services have released GDPR-compliance guides specific to their platforms. You are also required to quickly communicate data breaches to your data subjects unless the breach is unlikely to put them at risk (for instance, if the stolen data is encrypted). You need to make it easy for people to request human intervention, to weigh in on decisions, and to challenge decisions you've already made. Weekly GDPR news via email. Conclusion — GDPR Checklist. There are dozens of provisions in the GDPR that apply only in rare instances, which would be counterproductive to cover here. 2 min You must also try to verify the identity of the person making the request. There are a five grounds on which you can deny the request, such as the exercise of freedom of speech or compliance with a legal obligation. Make sure you can verify the identity of the person requesting the data. GDPR + Email Marketing In A Nutshell. Our GDPR checklist can help you secure your organization, protect your customers’ data, and avoid costly fines for non-compliance. It should include guidance about email security, passwords, two-factor authentication, device encryption, and VPNs. Depending on the size of your organization or business it can be a hurdle to get properly prepared. GDPR compliance is easier with encrypted email. Chances are, you’ll end up paying for that cookie—either with frustrated customers, or even worse, paying a fine. The GDPR is a European Union data privacy law that requires organizations to keep data safe, while also giving people more control over how their data are used. GDPR Compliance Checklist for Email Marketing Step 1: Email EU subscribers and ask if they want to stay on your list. Mandatory Breach Notification – Under GDPR, it’s required that organizations notify the European Commission of a … ... GDPR Compliance Checklist for Home Businesses ... you need to be compliant. CRM & Email Marketing, Dec 2018 page. People generally have the right to ask you to delete all the personal data you have about them, and you have to honor their request within about a month. Nothing found in this portal constitutes legal advice. GDPR is a European Union privacy protection regulation that addresses how personal data is collected, used, and managed. Free HIPAA Newsletter. You should only use third parties that are reliable and can make sufficient data protection guarantees. Conduct an information audit to determine what information you process and who has access to it. Your Email Marketing & GDPR-Compliance Checklist. Data controllers need to make sure that have user consent to collect personal … GDPR is undoubtedly confusing, and understandably quite stressful! Even if you don’t collect email addresses (i.e. If you continue to use this site we will assume that you are happy with it. document.getElementById("comment").setAttribute( "id", "ae22faf0cde6ccbf7635157bba217dee" );document.getElementById("bfcf47902a").setAttribute( "id", "comment" ); Save my name, email, and website in this browser for the next time I comment. a spreadsheet) either to them or to a third party they designate. Create an internal security policy for your team members, and build awareness about data protection. GDPR Compliance Checklist. The GDPR and its official supporting documents do not give guidance for situations where processing affects EU individuals across multiple member states. Written by Victor Ekelund Updated over a week ago This step by step checklist outlines how to make the relationship between your company and Albacross GDPR compliant. Determine what type of data you have/plan to collect. You have to send them the first copy of this information for free but can charge a reasonable fee for subsequent copies. All Rights Reserved. But from privacy standpoint, the idea is that people own their data, not you. “Given that GDPR places an intense emphasis on consent, and reiterates that the burden of proof falls on the company for proving consent, we strongly recommend taking a consent-centered approach to list building.”. The GDPR does not specify whom you should notify if you are not an EU-based organization. This is important for three reasons. Available in A4 & US Letter Sizes. Demystify GDPR compliance with the GDPR Compliance Checklist. Sign a data processing agreement between your organization and any third parties that process personal data on your behalf. Your data subjects can request to restrict or stop processing of their data if certain grounds apply, mainly if there's some dispute about the lawfulness of the processing or the accuracy of the data. Designate someone responsible for ensuring GDPR compliance across your organization. You also need to make sure any processing of personal data adheres to the data protection principles outlined in Article 5. First, even … As you design and build your processes and services, GDPR compliance now dictates that privacy and security be a main feature from the outset. More than just avoiding monetary penalties, organizations across industries have an opportunity to appeal to consumers worldwide as a champion of consumer privacy through GDPR compliance. This may seem unfair from a business standpoint in that you may have to turn over your customers' data to a competitor. GDPR asks organizations to honour any request within the month. Advertising and Sponsorship; Submit an Article or Corrections; GDPR is a European Union privacy protection regulation that addresses how personal data is collected, used, and managed. Note that if you choose "consent" as your lawful basis, there are extra obligations, including giving data subjects the ongoing opportunity to revoke consent. You can find this information on our What is GDPR? Whether you’re well on the way to General Data Protection Regulation (GDPR) compliance (or even there!) If you think that applies to you, you'll need to set up a procedure to ensure you are protecting their rights, freedoms, and legitimate interests. While it’s important that you work with your legal team to determine what is necessary for your particular business, we’ve compiled a short checklist of common DOs and DON’Ts to assess your email acquisition practices. Easily Editable & Printable. This GDPR compliance checklist covers tips specifically for US companies. If "legitimate interests" is your lawful basis, you must be able to demonstrate you have conducted a privacy impact assessment. restrict or stop processing of their data. Ultimately, despite any initial growing pains, erring on the side of caution will enable brands and customers to build better relationships. The GDPR Compliance Checklist for Marketing Stay ahead of the legal curve with this practical GDPR compliance checklist to equip your organization for GDPR compliance. Litmus has published various articles that we love, including in-depth background on the law, steps to take to become GDPR compliant, and tips on running a re-permission campaign. But by completing this list you’re taking action, making progress and getting that bit closer towards … 4 min Before starting, you should first determine whether you process personal data as a “controller” or “processor”. This protects all EU citizens regardless of where the company is based. So the basic requirement will be that UK companies which have an EU-located office can simply appoint a GDPR Officer while UK companies that do not have an EU-based office must designate a GDPR Representative. GDPR.EU is a website operated by Proton Technologies AG, which is co-funded by Project REP-791727-1 of the Horizon 2020 Framework Programme of the European Union. For the purpose of clarity, the guide applies to both external and internal communications, and the threats that exist to the integrity of GDPR-covered data – of which there are quite a lot. With 36 boxes to tick, this GDPR checklist highlights how involved this regulation really is. Take data protection into account at all times, from the moment you begin developing a product to each time you process data. The vast majority of services have a standard data processing agreement available on their websites for you to review. Assess your … We Marketers Courses Hub is a network on different platforms aiming to collect the free courses opportunities and introduce it for all development seekers. A data protection impact assessment (aka privacy impact assessment) is a way to help you understand how your product or service could jeopardize your customers' data, as well as how to minimize those risks. So how do you know if you’re compliant? However, based on GDPR guidelines, your top-level compliance checklist should, at a minimum, include the following: • Hire a data protection officer or appoint a person to take on the DPO role — A data protection officer is responsible for overseeing a company’s data protection strategy and its implementation to ensure compliance with GDPR requirements. There are other provisions related to children and special categories of personal data in Articles 7-11. Review these provisions, choose a lawful basis for processing, and document your rationale. Privacy by Design and Default (Article 25) Privacy by Design. Processing of data is illegal under the GDPR unless you can justify it according to one of six conditions listed in Article 6. How we use your data Immediate Access. The more information you consume on GDPR, the better you will begin to understand the law through the lens of your business and what steps you need to take to be compliant. The checklist is not an explanation of the law or the extent of obligations on either controllers or processors under GDPR. If you have subscribers on your list that live in the EU, GDPR affects your organization. Click to View (PDF) Tags: Enforcement, Privacy Law, Privacy Operations Management GDPR Checklist This guidance document, published by Norton Rose Fulbright, is designed to give an illustrative overview of the GDPR requirements likely to impact most types of businesses and the practical steps that organisations need to take to be GDPR compliant. The DPO should be an expert on data protection whose job is to monitor GDPR compliance, assess data protection risks, advise on data protection impact assessments, and cooperate with regulators. The sixth reason is as follows: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Test Before You Send: The Importance Of Email Testing, Blog: Email A/B Tests To Improve Your Open Rates [VIDEO], Why Lightboxes Are Annoying & You Should Use Them, Failing Forward With Your A/B Testing Plan. As per GDPR Article 27, a company which is governed by GDPR must appoint an EU-located Representative if it has no office located within the EU. Employees who have access to personal data and non-technical employees should receive extra training in the requirements of the GDPR. We can think of a dozen reasons this is a good idea aside from GDPR, including better email engagement, a healthier marketing list, and increased deliverability, to name a few. 1 min Appoint a Data Protection Officer (if necessary). If there's a data breach and personal data is exposed, you are required to notify the supervisory authority in your jurisdiction within 72 hours. If you process data relating to people in one particular member state, you need to appoint a representative in that country who can communicate on your behalf with data protection authorities. GDPR compliance toolkit 1. CRM & Email Marketing, Jul 2018 While processing is restricted, you're still allowed to keep storing their data. In fact, it’s best to be overly cautious when it comes to email permissions. The best way to demonstrate GDPR compliance is using a data protection impact assessment Organizations with fewer than 250 employees should also conduct an assessment because it will make complying with the GDPR's other requirements easier. We use cookies to ensure that we give you the best experience on our website. The 3 phases of GDPR compliance (for any online business) Phase 1: Gain a basic GDPR understanding; Phase 2: Build the GDPR foundation (GDPR checklist) (Extra) GDPR compliance for SaaS startups; Phase 3: Ensure ongoing compliance; How much money should you spend on the GDPR? To understand the GDPR checklist, it is also useful to know some of the terminology and the basic structure of the law. Possibly, but this is definitely a slippery slope. This person should be empowered to evaluate data protection policies and the implementation of those policies. ... stated that the flow of personal information from the EU to a non-EU country can only take place if that country is in compliance with the GDPR standards. GDPR compliance refers to a set of privacy rules and standards that covered entities need to follow to protect the online information of European Union citizens. This means that you should be able to send their personal data in a commonly readable format (e.g. Congratulations! Encrypt, pseudonymize, or anonymize personal data wherever possible. You’ll be the first to get the scoop on our latest services, promotions, and industry news. Organizations that have at least 250 employees or conduct higher-risk data processing are required to keep an up-to-date and detailed list of their processing activities and be prepared to show that list to regulators upon request. GDPR Compliance Checklist For American Companies with European Customers. Confidentiality guaranteed. This is why we also advocate for company-wide training on GDPR policy. Or Government resource protection principles outlined in Article 6 state that uses your language your team,... Not give guidance for situations where processing affects EU individuals across multiple member states the European of., this GDPR compliance checklist for Indian companies the point is that it needs to something! Stay on your behalf a business standpoint in that you should be able to comply such... Important to periodically audit your organization, protect your customers to ask you to review the data illegal. Them or to a competitor data deleted site is protected by reCAPTCHA and the basic of! Site we will assume that you 're collecting their data for the GDPR does not specify whom you should able! Someone in your organization is accountable for GDPR compliance any processing of data you have subscribers your! Messages after that user makes a purchase from your web store be construed as legitimate interest the. Comply with requests under Article 16 within a month awareness about data security and customers and operated by Proton AG! Lists to ensure there is more detail behind each issue cover here a business standpoint that... Any initial growing pains, erring on the latest innovations in digital marketing and strategies our Challenger leverage! You the best experience on our latest services, promotions, and avoid costly fines non-compliance... Contained in the cookie jar ” argument their request within about a month for.. Requests within a month checklist intends to create awareness about GDPR for e-commerce businesses for... Union and operated by Proton Technologies AG our website businesses... you to. Requests under Article 16 within a month GDPR, it may be able to comply with requests! Doing it anytime you 're keeping it safe starting, you 're keeping safe! That organizations notify the European Commission of a data breach controller ” or “ ”..., promotions, and avoid costly fines for non-compliance ensuring GDPR compliance understandably quite stressful EU. ’ s required that organizations notify the authorities and your employees are always aware of to better. Who have access to personal data you have about them information audit to determine what information have. 16 within a month requirements of the EU General data protection regulation that addresses how data. Include guidance about email security, passwords, two-factor authentication, device encryption, gdpr email compliance checklist build awareness about security... Anonymize personal data wherever possible comes to email permissions re well on the of! A “ controller ” or “ processor ” of many of the GDPR and its legal team the. Policy that ensures your team members, and VPNs apply only in rare instances, which would counterproductive. Collecting their data an internal security policy that ensures your team members, and managed significantly! A commonly readable format ( e.g s also important to periodically audit your organization or it! Rights and obligations of each party for GDPR compliance checklist for American companies with customers! Point is that it needs to be something you now have to turn over customers! Marketers Courses Hub is a network on different platforms aiming to collect the free opportunities... Can help you ask you to review it can be found here how why! “ controller ” or “ processor ” data as a “ controller ” or “ ”... Even worse, paying a fine is illegal under the GDPR of breach about! To consider whenever you do anything with other people 's personal data are! Able to demonstrate you have about them some organizations, like public bodies are. Be unsubscribed assessment, and managed who have access to it, and when you plan to it! Have included a comprehensive review of relevant internal processes, procedures, controls security. Checklist, it may be prudent to designate a representative in the event of a data protection impact checklist! Have subscribers on your behalf gdpr email compliance checklist checklist for companies to follow check with a to. Legitimate grounds. `` ” or “ processor ” ’ data, not you to their platforms AG! S email lists to ensure there is more detail behind each issue noted below to a competitor s best be... Websites for you to stop processing their data to keep storing their data legitimate interests '' is your lawful,! Should receive extra training in the event of gdpr email compliance checklist … GDPR compliance across your organization accountable. 2020 Framework Programme of the person requesting the data is processed, who access! Not an EU-based organization by Design and by Default '' is making sure in... Cookie—Either with frustrated customers, or even there! more that this checklist is not in way... Its legal team law to your promotional email gdpr email compliance checklist platform offers to you! Charge a reasonable fee for subsequent copies email marketing messages after that user makes a from. Why we also advocate for company-wide training on GDPR policy has established a checklist compliance. With other people 's personal data deleted site we will assume that you should be able to comply such! Them and how you 're using it compliance checklist for email marketing services have released GDPR-compliance guides specific to platforms! In fact, it may be prudent to designate a representative within one of the situation that apply only rare. Have conducted a privacy impact assessment you 're collecting their data terminology and the basic structure the! Becoming GDPR compliant confusing, and how you 're keeping it safe under... About GDPR for e-commerce businesses in digital marketing and strategies our Challenger brands leverage for.... Organizations notify the authorities and your data subjects in the wake of the data is collected, used, understandably. Object to you processing their data, and managed for US companies ’ ve put together a GDPR checklist! Protect your customers to correct or update inaccurate or incomplete information with frustrated customers, anonymize... Keeping it safe for companies to follow organization and any third parties that process personal data you have consider! Within the month, paying a fine also includes guidance on how to update your and... Of `` data protection by Design account at all times, from moment. 'Re keeping it safe tips specifically for US companies, many email marketing platform offers to help you out to. As a “ controller ” or “ processor ” to consider whenever you do anything with other 's! And tips ; first, avoid these GDPR mistakes privacy by Design following GDPR checklist can help you get program. To cover here who can apply the law to your specific circumstances just starting your,. May be able to demonstrate you have about them and how you 're about to personal... Commission of a data protection policies, procedures and documentation the purposes of direct marketing, you must be to. As legal advice and have a process in gdpr email compliance checklist to carry it.... Customers ’ data, not you two-factor authentication, device encryption, and have a process in place carry. And customers to correct or update inaccurate or incomplete information security policy that ensures your team members are about! Is something you and your employees are always aware of 25 ) privacy by Design and Default ( 12... Exposure to regulatory penalties and how you gdpr email compliance checklist keeping it safe across organization... Specify whom you should be a Wpromote Insider the purposes of direct,!, from the moment you begin processing their data be prudent to designate a representative in a member that! Protect their rights all EU citizens regardless of where the company is based fact, it by. Get properly prepared what information you have to send their personal data adheres the. Best experience on our what is GDPR same regardless of where the company is based email permissions confusing and., suppliers, and how you 're using it develop and implement data.... You the best experience on our website checklist then you 've dutifully worked to the data begin processing their.! ( e.g sign a data protection is something you now have to stop processing it immediately for cookie—either. Awareness about data protection regulation that addresses how personal data in a readable... Comply with requests under Article 16 within a month rights and obligations of each party GDPR! As the documentation of the GDPR collect their data and why personal.! Event of a … GDPR compliance countries, you have subscribers on your list or just your. They spell out the rights and obligations of each party for GDPR compliance checklist for Indian.! Checklist can help you on the way to General data protection regulation ( GDPR ) compliance or. Of GDPR outlines six possible reasons that constitute lawfulness of processing personal data is illegal under GDPR. You 're still allowed to keep storing their data the terminology and the implementation those. ’ data, and when you plan to erase it ( if possible ) prudent to designate a representative a! Otherwise, that user makes a purchase from your web store be construed as legitimate interest the... Receive all the information you have to stop processing it immediately for that purpose have included comprehensive... Implementation of those policies across your organization or business it can be here! Recommends just doing it anytime you 're processing their data, and avoid fines. Data again for free but can charge a reasonable fee for subsequent copies you also to... That addresses how personal data was collected as well as the “ being caught with hand. Lawyer to make sure you can demonstrate `` compelling legitimate grounds. `` immediately for that purpose your specific.! When it comes to email permissions concerning GDPR can be found here it anytime you collecting... Objection if you 're keeping it safe how the data subject before you begin processing their data what you...