Welcome to our GDPR Accountability Checklist.
☐ We take responsibility for complying with the UK GDPR, at the highest management level and throughout our organisation.
☐ We keep evidence of the steps we take to comply with the UK GDPR.
We put in place appropriate technical and organisational measures, such as:
☐ adopting and implementing data protection policies (where proportionate);
☐ taking a ‘data protection by design and default’ approach – putting appropriate data protection measures in place throughout the entire lifecycle of our processing operations;
☐ putting written contracts in place with organisations that process personal data on our behalf;
☐ maintaining documentation of our processing activities;
☐ implementing appropriate security measures;
☐ recording and, where necessary, reporting personal data breaches;
☐ carrying out data protection impact assessments for uses of personal data that are likely to result in high risk to individuals’ interests;
☐ appointing a data protection officer (where necessary); and
☐ adhering to relevant codes of conduct and signing up to certification schemes (where possible).
☐ We review and update our accountability measures at appropriate intervals with an audit.