What industry sector is your business in?
Where do you trade your goods and services (where are your customers)?
Do you collect information about your clients, customers or end users (name, contact details, date of birth, health or payment details)?
Are you registered with the Information Commissioner's Office (ICO) as a business that processes people's personal information?
Do you keep customer or client personal information encrypted?
Do you collect only the minimum personal information that you need?
Do you ask for permission to use customer or client details in a particular way (e.g. to make sales calls, send marketing emails or newsletters)?
Do you give details to your customers about how you will use their information?
Is it easy and simple for a customer, client or supplier to withdraw or remove permission for their data to be used by your business?
Do you know exactly how much and what types of personal data your business processes, and have you documented this in any way?
Do you understand the term ‘data portability’ in relation to your customer’s data (and whether this applies to your business)?
Do you have an updated, GDPR compliant privacy notice?
Do you have a procedure in place to deal with data breaches in your business?
Do you have a subject access request procedure, so you know how to respond when people ask you what personal data you have on them?
How many third-party providers do you work with that may have access to the personal data you process, including software providers?
Do you know whether any of your third parties (processors, suppliers, business partners) are GDPR compliant?
Have you, or any of your key employees, attended or hosted any workshops or training on the new data protection requirements?
Do you feel you understand the data protection requirements that the GDPR places on your business?