With GDPR now just months away, there is obviously much discussion, concern and general rumour doing the rounds. To help you with your preparations we have compiled a checklist of the things that you should be looking at.

Lawful basis for processing personal data

To make certain your business is able to comply with GDPR you should review the various types of processing you carry out. You will then be able to identify your lawful basis for your processing activities and can document this as well as explain your lawful basis for processing personal data in your privacy notice(s).


One of the key areas of GDPR is that of consent. Now is the time to review how you seek, record and manage consent. Your business should look at your current system and how you record consent and implement the appropriate mechanisms in order to ensure an effective audit trail.

Communicating privacy information

Review your current privacy notices and plan to make any necessary changes in time for GDPR implementation.

Individuals’ rights

Check your procedures to ensure that you can deliver the rights of individuals under the GDPR.

Subject access

Review your procedures and have plans in place for how you will handle requests from individuals for access to their personal data within the new timescales outlined in the GDPR.

Discover further information in our How to prepare your recruitment agency for GDPR article.