GDPR compliance isn't just about privacy policies and cookie banners. Your actual document handling practices (how you create, store, share, and destroy PDFs containing personal data) are at the core of compliance.
GDPR Document Compliance Checklist
Before Creating/Receiving Documents
- Identify personal data categories the document will contain
- Confirm legal basis for processing (consent, contract, legal obligation, etc.)
- Define retention period before document is created
Before Sharing Externally
- Remove metadata that reveals internal information → use our Metadata Remover
- Redact any personal data not required by the recipient → use our PDF Redaction Tool
- Encrypt if the document contains sensitive personal data → use our PDF Encryption Tool
- Confirm recipient has appropriate data protection measures in place
Storage & Retention
- Store documents containing personal data with access controls
- Encrypt stored documents containing special category data
- Document your retention schedule and deletion procedures
Rights Requests
- Process to identify all documents containing a specific person's data
- Ability to provide copies (data portability)
- Ability to redact or delete personal data from specific documents
Quickly redact personal data from documents for GDPR requests: PDF Redaction Tool, free online
Common GDPR Document Failures
- Sending CVs or HR documents with unredacted sensitive data
- Sharing contracts with metadata revealing internal negotiations
- Retaining documents containing personal data past their retention period
- Storing PII in unencrypted PDFs on shared drives
FAQ
What are the GDPR fines for document mishandling?
Up to €20 million or 4% of global annual turnover for the most serious infringements. Even lower-tier infringements can reach €10 million or 2% of turnover.
Does GDPR apply to PDFs stored on my computer?
Yes: if those PDFs contain personal data of EU residents, GDPR applies regardless of where the data is stored, including local files and personal devices.