Glen Semino By Glen Semino • May 10, 2018

GDPR Key Requirements and Helpful Links

Companies that do business in the EU (European Union) are scrambling to be compliant with the General Data Protection Regulation (GDPR) which goes into effect on May 25th, 2018. It can be a daunting task searching for all the various resources and articles available that will help one attain compliance.  Here at SYNQ we have been working hard to get our processes and documentation GDPR compliant. Since we know other companies are going through the same process, we would like to share the resources we have gathered so far.

These are some key requirements and items you will want to have for GDPR compliance:

  • Right to Erasure and Right to Portability - This means a data subject has the right to request their personal data removed or transferred.
  • Data Protection Measures/Privacy by Design - This means that a company must have measures in place to ensure personal data remains secure as well as procedures/behaviors that lead to protecting personal data.
  • Personal Data Breaches Procedures and Notifications - This means a company has to have procedures in place for notifying data subjects if there is a security breach. Specifically companies should inform data subjects within 72 hours if there is a breach.
  • Data Protection Impact Assessments - A company should have a way to assess how a new product or significant change in an existing product will impact personal data.
  • Data Protection Officer - Some companies may be required to appoint a Data Protection Officer, especially if you will be doing a lot of processing of personal data.
  • Consent Forms - Data users must consent to what information they are willing to share and know how it will be used.
  • Awareness and Training - In order to be compliant a company must make their employees aware of GDPR and train them in best practices of keeping all data secure especially personal data.
  • DPA with 3rd party providers - For the various 3rd party providers a company uses where personal data could be exchanged, you will want to have a (DPA) Data Processing Addendum, this document is essentially an agreement that both parties will keep any personal data being exchanged secure under the guidelines of GDPR.
  • Personal Data Flow Mapping - As part of GDPR a company must know what personal data is being used, how it is being used and what controls exist when the personal data leaves the organization. Creating a flow map will help with knowing how personal data is traveling into and out of your product, it will also show you have an understanding of how your product uses that personal data.

Helpful Links and Resources


Official GDPR website

GDPR key changes

Data Protection Competent Authorities by Country/Region

GDPR Right to be Forgotten

HubSpot GDPR Checklists


GDPR Consent:

How to design GDPR compliant consent

Getting GDPR consent & opt-in


GDPR Flow Map:

The key elements of data flow mapping under the EU GDPR

GDPR Data Flow Diagram Template


GDPR Requirements/Compliance:

Understanding and Complying with GDPR Data Protection Requirements

A summary of 10 key GDPR requirements

7 Key GDPR Requirements & the Role of Data Governance

Top 10 operational impacts of the GDPR: Part 6 - RTBF and data portability

GDPR Compliance: What it is, How to Get Ready, and How to Streamline Compliance Processes


GDPR Readiness Assessment:

Evaluate your readiness for GDPR


Privacy Policy Generator:



Related posts: