Make sure you comply with GDPR by using these useful checklists and tables.
Data Audit Questionnaire
This is your starting point. You need to understand what personal data you hold, its source, what you need it for, how you store it and who you send it to. Armed with this information, you are in a better position to evaluate your key risks and next steps.
GDPR Compliance Checklist
This is intended to help you organise your project team and highlight the key issues you need to think about.
Data Protection Network
This website has a useful guidance document on legitimate business interests.
ICO Direct Marketing Checklist
The ICO has published a very helpful checklist, which provides a simple way of measuring your current compliance and explains how to send marketing without breaking the rules. Recital 47 of the GDPR says direct marketing is a legitimate use of personal information, which is true.
It is important to remember, however, that other rules also apply, for example the Privacy and Electronic Communication Regulations 2003 (PECR). PECR restricts the circumstances in which you can market to people and other organisations by phone, text, email or other electronic means.
Suggested consent wording
For direct marketing (under DPA).
Retention Analysis Table
A starting point to help you think about the categories of personal data you hold and how long you need each of them for. You will need to devise the right retention plan for your own business. This is not something a template can provide.