There is checklist for small and medium-size businesses that vast majority of them has to apply. These include:
- Keep the records of Data Processing Activities. Be ready to present the report of Data Processing Activities to your local Data Protection Authority.
- Describe your Privacy Policy and communicate it to your customers as well as partners. As absolute minimum, publish it in your public website.
- Manage customer requests based on “new rights” the GDPR provides to persons. Most important ones include: a) Right to Know, b) Right to Data Portability c) Right to be Forgotten.
- Have a list of your Service Providers (called Processors in GDPR language) who are processing Personal Data for you and conclude or amend an agreement with each of them to handle Personal Data processing issues.
- Manage Data Breaches and report these to your local Data Protection Authority.
