+44 (0) 207 601 7100 solutions@blackbaud.co.uk www.blackbaud.co.uk
GDPR CHECKLIST
Checklist of key technology and data steps to consider – and revisit regularly!
Getting started
Review the GDPR and the PECR and relevant guidance from your country's/sector's regulators
Complete a Privacy Impact Assessment
Write your Privacy Notice (supported by your legal and compliance team)
Communicate your Privacy Notice transparently
Key areas for your leadership
With your leadership team, decide legal grounds for processing your data
With your leadership team, decide what consents you will collect, whether broad or granular
With your leadership team, decide how long any consents captured will remain valid (for each audience)
Ensure you have a clearly-understood process for handling data breaches
Data management essentials
Implement training and individual user agreements for your staff as a precursor to data access
Identify which systems across your institution are the 'source of truth' for each audience
Agree with your users how quickly data updates will be processed (suggested maximum 21 days)
Determine what information you will retain for those who request their data be removed
Determine appropriate (transparent) wording when collecting preferences verbally
Put in place measures to ensure your volunteers protect personal data when serving your institution
Consider all data across multiple systems and spreadsheets, not just your main database/CRM
Communicate how your data can/should support other departments