DATED: January 2026
PRACTICE AREAS: Data Privacy
For further information on Kidwells Solicitors and our commercial and technology team please contact: tech@kidwellssolicitors.co.uk or call : 01432 278179
This checklist is for general information only and does not constitute legal advice. Specific advice should be taken for individual circumstances.
Area | Check | Status |
Governance & Accountability | Responsibility for data protection is clearly assigned. |
|
Data mapping | Personal data held and purposes identified. |
|
Lawful basis | Lawful basis documented for each processing activity. |
|
Special Category Data | Enhanced safeguards applied where required. |
|
Privacy Notices | Up-to-date and accurate privacy notice in place. |
|
Individual rights | Process in place to respond within one month. |
|
Security | Appropriate technical and organisational measures implemented. |
|
Processors | GDPR-compliant contracts with all processors. |
|
Retention | Retention periods defined and followed. |
|
Data breaches | Breach response plan and 72-hour reporting capability. |
|
ICO registration | ICO fee assessed and paid if required. |
|
Training | Staff receive data protection awareness training. |
|
EU GDPR | EU GDPR applicability assessed and addressed. |
|
Review | Compliance reviewed periodically. |
|