GDPR Compliance Checklist
A checklist for GDPR compliance.
What's included
- Data Mapping
  - Personal data inventory
  - Processing activities
  - Data flows
- Legal Requirements
  - Lawful basis
  - Privacy notices
  - Data subject rights
  - Data protection impact assessments
- Technical Requirements
  - Data security
  - Data retention
  - Data portability
  - Data deletion
- Organizational Requirements
  - DPO requirements
  - Training
  - Documentation
  - Breach notification
Best used when
- EU customer expansion
- Privacy program development
- Regulatory compliance
- Data protection assessment
Why this is Gold
GDPR compliance is required for organizations that process the personal data of people in the EU. This checklist helps ensure that the key obligations are covered.
The Template
GDPR Readiness Checklist
GDPR COMPLIANCE CHECKLIST
LAWFUL BASIS:
☐ Processing activities documented
☐ Lawful basis identified for each
☐ Consent mechanisms (where used)
☐ Legitimate interest assessments
TRANSPARENCY:
☐ Privacy notice updated
☐ Cookie notice/consent
☐ Processing information provided
☐ Third-party sharing disclosed
DATA SUBJECT RIGHTS:
☐ Access request process
☐ Rectification process
☐ Erasure ("right to be forgotten")
☐ Data portability
☐ Objection process
☐ Response within 30 days
DATA PROTECTION:
☐ Data minimization practiced
☐ Purpose limitation enforced
☐ Storage limitation implemented
☐ Encryption implemented
☐ Access controls in place
ACCOUNTABILITY:
☐ Records of processing
☐ DPA with processors
☐ DPIA where required
☐ DPO appointed (if required)
BREACH NOTIFICATION:
☐ Breach detection process
☐ 72-hour notification process
☐ Data subject notification process
☐ Breach register maintained
Data Processing Records Template
RECORD OF PROCESSING ACTIVITIES
ACTIVITY: _______________
Controller: _______________
Purpose: _______________
Lawful basis: _______________
CATEGORIES OF DATA SUBJECTS:
☐ Customers
☐ Employees
☐ Prospects
☐ Other: _______________
CATEGORIES OF PERSONAL DATA:
☐ Contact information
☐ Account data
☐ Payment data
☐ Other: _______________
RECIPIENTS:
Internal: _______________
Processors: _______________
Third countries: _______________
RETENTION:
Period: _______________
Basis: _______________
GDPR Key Definitions
| Term | Definition |
|---|---|
| Personal data | Information relating to an identifiable person |
| Processing | Any operation on personal data |
| Controller | Determines purposes and means |
| Processor | Processes on behalf of controller |
Frequently asked questions
What is the GDPR Compliance Checklist?
A checklist for GDPR compliance.
Who is the GDPR Compliance Checklist for?
It is built for cross-functional teams working on Security & Compliance. The AI coach adapts it to your company, stage, and goals.
How long does the GDPR Compliance Checklist take to use?
It saves 40+ hours versus building from scratch. Our AI coach can tailor the checklist to your situation in minutes, then hand you a step-by-step plan.
Is the GDPR Compliance Checklist free?
Yes. You can read the full checklist and start getting coached through it for free. Sign in to save your tailored version and track your next steps.
How does the AI coach help with the GDPR Compliance Checklist?
The coach teaches you the framework, asks a few questions about your business, tailors the checklist to you, and gives you measurable next steps to execute.