Checklists and Tables

Make sure you are on track with GDPR compliance by using these useful checklists and tables.

Data Audit Questionnaire

This is your starting point. You need to understand what personal data you hold, its source, what you need it for, how you store it and who you send it to. Armed with this information, you are in a better position to evaluate your key risks and next steps. Click here to download.

GDPR Compliance Checklist

This is intended to help you organise your project team and highlight the key issues you need to think about. Click here to download.

Data Protection Network

This website has a useful guidance document on legitimate business interests. Click here to find out more.

ICO Direct Marketing Checklist

The ICO has published a very helpful checklist, which provides a simple way of measuring your current compliance and explains how to send marketing without breaking the rules. Recital 47 of the GDPR says direct marketing is a legitimate use of personal information, which is true. It is important to remember, however, that other rules also apply, for example the Privacy and Electronic Communication Regulations 2003 (PECR). PECR restricts the circumstances in which you can market to people and other organisations by phone, text, email or other electronic means. Click here for more information.

Suggested consent wording

For direct marketing (under DPA). Click here to download.

Retention Analysis Table

A starting point to help you think about the categories of personal data you hold and how long you need to keep each of them. You will need to devise the right retention plan for your own business; this is not something a template can provide. Click here to download.