We wrote a huge blog post about how to understand and prepare for GDPR.  That blog post is longer than we usually write, and we wanted to do a condensed version to help people quickly get to the point of how GDPR impacts them, and know whether they are ready.  If you need to know the basics, you should refer to the earlier, longer post about GDPR.

So with that said, here is a checklist that you should go through to understand whether you are ready for GDPR:

  1. Do you have a privacy policy on all form pages of your website that lists the ways that you are in compliance with the six principles of GDPR?
  2. Has your privacy policy been updated to reflect the new definition of “personally identifiable information,” which includes basically everything, including anonymous cookies that were previously excluded from the definition?
  3. Do you have a checkbox on all your forms that allows people to select an option that says “Do Not Keep My Data”?
  4. Does your privacy policy include information about how you plan on using the data you collect?
  5. Does your website allow people to change their mind and withdraw consent?
  6. Does your privacy policy include a section that indicates how long you will store data?
  7. Does your privacy policy describe how you are protecting data from third party access?
  8. Does your privacy policy provide contact information (name and contact details) for people to reach out with questions about your data collection policies, and how to change previous consent agreements?
  9. Does your privacy policy describe with whom internally (categories are fine) the data is shared?
  10. Does your privacy policy describe any information on international data transfers?
  11. Does your privacy policy include an explanation of an individual’s right to access, rectify, erase, or object to the processing of data?
  12. Does your privacy policy acknowledge the right to lodge a complaint with a supervisory authority?
  13. Does your privacy policy acknowledge whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of the failure to provide such data?
  14. Does your privacy policy highlight (if appropriate) the existence of automated decision-making including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject?
  15. Does your privacy policy include the legal basis for processing data?
  16. Are you aware that if personal data is obtained from sources other than the data subject, such as third party data providers, you must provide some additional information about the data and source? Refer to Article 14 if applicable.
  17. Do you have a checkbox or link on all forms on your website that allows people to consent with a “YES” or a “NO” to agree to data processing?
  18. Do you have a checkbox or link on all forms on your website that includes the date and time on which the consent policy was last updated?
  19. Do you have a checkbox or link on all forms on your website for “consent notes” (containing the purpose of data processing and a history of consent provided that is documented here) — the value here should capture the purpose of capturing the data, the way the data was obtained, and any previous consent purposes?
  20. Do you have a checkbox or link on all forms on your website to “Correspondence Opt-Out” — letting people opt-out of correspondence easily?
  21. Do you have a checkbox or link on all forms on your website to enable them to opt-out of cookie collection or web tracking?
  22. Do you have a policy internally allowing people to tell you verbally that they opt-out of tracking and communication if they don’t want communications?
  23. Do you have a policy internally allowing people to tell you via email that they don’t want communications?
  24. Do you have a policy internally allowing people to send you written communications in some form telling you that they don’t want communications via certain channels?
  25. Do you have a process for maintaining lists within your email system, CRM, and other databases to document preferences from individuals on whether and how often they want to receive information from you?
  26. Are you prepared to respond to individuals who request information to confirm that their data is being processed, and to respond within one month?
  27. Have you defined roles that define internally who has access to what data?
  28. Have you limited access only to those individuals who must have access to data?
  29. Are you prepared to review access regularly to make sure all data access is necessary and compliant?
  30. Are you storing data in an encrypted manner?
  31. Do you have a “hover” feature on your website that explains further details about how data is being used, and the definitions you adhere to? For instance, a hover field that allows people to know what they are agreeing to if they check the box next to “Do Not Keep My Details”?
  32. Do you have an “Email Subscription Center” that lets people specify exactly what they receive from you, how often, and whether they want to opt-out?
  33. Do you have a link that allows people to click “Opt Out of Website Tracking” in order to avoid things like retargeting and tailored ads in the future?

These are the 33 best questions we can come up with in order to help people know whether they are ready for GDPR, which takes effect on May 25, 2018, but we hope you do three things if you are still uncertain: (1) reach out to us by email to talk; (2) talk to your lawyer; or (3) read this more detailed post on what GDPR means in greater depth.  We hope this is helpful as you get ready for the upcoming regulations!

Will Marlow is a search engine marketing consultant who loves helping high growth companies optimize and improve their PPC results, and he holds seven certifications: Google AdWords Search, Display, Mobile, Shopping, and Video Certification, Google Analytics Certification, as well as certification as a Bing Ads Accredited Professional.
