ICAEW.com works better with JavaScript enabled.

What to do about GDPR

Use this checklist to help your organisation to prepare for GDPR. The checklist includes: appointing someone senior to oversee the process, reviewing existing information and cyber security, mapping your data, reviewing contracts with clients, suppliers (anyone who processes your data) and employees, drafting data protection policies and procedures, and training staff.

  1. Appoint someone senior to oversee the process

  2. Getting ready for GDPR compliance is not just a matter for the IT department, so it is essential that a senior member of staff (director, partner, senior manager) takes responsibility for overseeing the process, allocating funds and resources as necessary. 

    Download the checklist

    Download the full checklist document, which provides more information to help ensure you're GDPR compliant.

    Download the full checklist

  3. Review existing information and cyber security and update as necessary

  4. Having comprehensive levels of information and cyber security is a key step towards building a resilient organisation.

  5.  "Map" your data

  6. Before you can assess what you need to do you need to know (‘map’) what data you have as this will inform what you do next.

  7. Review contracts with clients, suppliers (anyone who processes your data) and employees to ensure GDPR compliant
  8. As the GDPR (Articles 28-36) imposes new obligations on data controllers and data processors, you will need to make sure you understand your status and your responsibilities with regard to both client data and firm data.

  9. Draft (written) data protection policies and procedures

  10. The GDPR introduces the principle of ‘accountability’. This means that all organisations must not only ensure they are compliant with the GDPR but prove this too.

  11. Train staff

  12. Not all staff will need to understand the GDPR in its entirety but all staff should at least be aware that data protection is an issue for everyone.