GDPR cheat sheet: 15 things to know

Are you GDPR compliant? This cheat sheet is a great starting point to help you assess and secure your organization to avoid costly fines.

Firstly, let’s recap what the GDPR is and when it applies.

What is the GDPR?

GDPR stands for General Data Protection Regulation. At its most basic, it specifies how personal data must be lawfully processed, including how it is collected, used, protected or otherwise handled.

Does the GDPR apply to you?

The GDPR applies to organizations, companies, individuals, corporations, public authorities and other entities – including small businesses, charities and nonprofit organizations – that are either based in the EU, offer goods or services (even for free) to people in the EU, or that monitor the behaviour of people in the EU, either directly or as a third party.

GDPR cheat sheet

  1. You have a valid legal basis for processing personal data.
  2. You provide a privacy and cookie policy that is up-to-date, understandable, unambiguous, and easily accessible throughout your website or app.
  3. Your privacy and cookie policy describes the personal data collected and the purposes of their collection.
  4. Your privacy and cookie policy accurately lists all the third parties the data is shared with.
  5. Your privacy and cookie policy informs users of their rights in relation to their data.
  6. Your mechanisms for acquiring consent are unambiguous and involve a clear “opt-in” action (the regulation specifically forbids pre-ticked boxes and similar “opt-out” mechanisms).
  7. Your contact, newsletter and registration forms clearly state your intentions, link to your privacy policy, and collect opt-in consent for different activities.
  8. You keep clear records of consent and you’re able to demonstrate that the user has given consent. In practice, you’re able to retrieve: when consent was provided, by whom, which preferences were expressed, and which legal or privacy notice and which form they were presented with at the time.
  9. It’s easy for your customers to request and receive all the information you have about them.
  10. It’s easy for your customers to correct or update inaccurate or incomplete information.
  11. It’s easy for your customers to object to certain processing activities.
  12. It’s easy for your customers to receive a copy of their personal data in a format that can be easily transferred to another company.
  13. It’s easy for your customers to request to have their personal data deleted.
  14. It’s easy for your customers to ask you to restrict the processing of their personal data.
  15. You have the right technologies and procedures in place to detect, report and investigate a personal data breach.
  16. You keep a record of how you store and use the data you collect from users (data retention policy for each processing activity, security measures, legal basis for processing, data transfer outside of the EU, and the parties that you share the data with).
