The GDPR Checklist – The Race For May 25th 2018

Ledger Bennett Global Marketing

GDPR deadline

The General Data Protection Regulation is approaching fast! Is your company going to be compliant by the 25th May 2018? We’ve created this GDPR checklist to run through and tick off what you need to know:

Is your company affected by GDPR?

Regardless of company size or status, if you store or process data of EU citizens, then you must comply to GDPR by May 25th 2018. The fines for not complying are hefty – 4% of your annual global turnover or up to €20 million, whichever is highest!

Are you a controller or a processor?

GDPR will significantly affect two types of roles:

  • Controllers are those who decided how data will be dealt with and what they wish to do with it.
  • Processors are those actively handling the data and keep in compliance.

Which data is protected by GDPR?

  • Standard information around identity (Name, address, phone number, etc).
  • Race, sexuality, health or political information.
  • IP address, cookie data, general web data and RFID tags.

Understand the definition of ‘consent’ under GDPR

Consent under GDPR means that the user supplying their data is taking intentional action to opt-in.

Long gone will be the days of passively opting-in users when they register to your companies website. Users MUST explicitly state they wish to give you their data and opt-in to any emails you send them.

Hire a Data Protection Officer

Your Data Protection Officer will oversee your entire data security and make sure you never stray from GDPR. This is a requirement for companies that handle large quantities of EU data.

Get to grips with the ‘the right to be forgotten’

Users can now demand their data be deleted if it is no longer fit-for-purpose. It is your responsibility to make sure this information is wiped, and this includes the data you have passed on to third-parties.

Get your data storage sorted!

Data must be stored in common format types (such as .csv files) to make moving or removal of data easy.

What to do if your data is breached?

In the occurrence of any data breach, you must report it to the Information Commissioner’s Office (UK only – check your countries authority) within 72 hours of it happening or face the consequences (2% of your annual turnover, or €10 million, whatever is highest!).


Can you afford to not be ready for GDPR? The race for May 25th 2018 has begun! Learn more about what GDPR means for your business, from our other GDPR resources below.


Now that GDPR has come into effect if you have any questions about its wider implications check out our webinar recording exploring marketing in a post-GDPR world. 

Other blogs that may interest you