Is Your Company GDPR Compliant?

September 8, 2020 | Written by Joseph Reynoso, TNI | Published on Tierra Nueva Interactive.


Any U.S. company that has a web presence and markets their products online will have some homework to do. The May 2018 deadline for General Data Protection Regulation (GDPR) compliance has come and gone which means your organization’s compliance activities should be in place. But if you’re still looking for a jumping off point, here’s a helpful little checklist to get you going:

  1. Establish a program of work that covers the construction of a coherent inventory of your processes that relate to personal data.
  2. Create a data inventory/map and do Data Privacy Impact Assessments where necessary.
  3. If applicable, ensure the information and the consent language you provide to your customers is transparent, clear, unambiguous, and written in plain language.
  4. Outline a plan for compliance with the more complex rights of the data subject, including rights of access, rights of correction, rights of rectification, rights of data portability, and rights of erasure.
  5. Have a process by which you risk-assess your own data.
  6. Have an understanding of where and how you share personal information with third parties, and ensure that you have the correct contracts in place with these processors to comply with laws.
  7. Assess your information security program as it relates to personal data, including third parties you share such data with.
  8. Establish a mechanism to identify if, when, and where any breach takes place and how you will handle it.   

In today’s ever connected world, where concerns about data sharing are palpable, organizations should take a proactive approach to protect the rights of consumer data wherever possible.

Scroll to Top