back to checklists

Agency GDPR Checklist

While it is most likely Agencies will not come under GDPR scrutiny, it is still important to know the risks and how to avoid them. This checklist provides a quick primer on issues that will open an agency to GDPR violations and how to avoid those pitfalls.

  • Is the Agency monitoring European residents data by controlling and/or processing data belonging to European residents?

  • Is the agency buying or obtaining data from third parties?

  • Is the agency sharing data with third parties in which some data pertains to European Residents?

  • If the collection, processing, and retention of the data is for the following points then the agency maybe allowed to collect, process, and retain the data.

  • If the purpose for collecting, processing, and retaining data is for the purpose(s) above (a-h), and includes European Union Residents, the agency must provide an explanation as to why the restriction(s) is necessary.

  • If the agency is not collecting any personal information on EU residents then the Agency will NOT be subject to GDPR compliance.

  • It is important to keep in mind that Washington has a lot of foreign workers and if they were to return to the EU the agency should have a process by which they destroy that personal information, or provide a user notice telling people about the retention of personal data after they have departed Washington.


back to checklists

The Office of Privacy and Data Protection announces beta testing of “Privacy Modeling,” a new web application that identifies the privacy laws relevant to the product or service you wish to create.

Go to Privacy Modelling App

Something went wrong. Please try again.