Workflow Templates: GDPR Compliance Checklist

Data Protection Principles

Ensure all data processing is done lawfully, fairly, and in a transparent manner.

Collect personal data only for specified, explicit, and legitimate purposes.

Ensure that data processed is adequate, relevant, and limited to what is necessary.

Rights of Data Subjects

Inform data subjects about the processing of their data and their rights.

Provide mechanisms for data subjects to request access to, rectification of, or erasure of their personal data.

Enable data subjects to object to processing of personal data for marketing, sales, or non-service related purposes.

Data Controller and Processor Obligations

Maintain a record of processing activities and ensure the privacy policy is updated.

Implement measures to ensure data security, including encryption and regular cybersecurity assessments.

Designate a Data Protection Officer (DPO) if required, and ensure they have the necessary resources.

Data Breach Response and Notification

Establish a process to detect, report, and investigate personal data breaches.

Notify the relevant supervisory authority within 72 hours of becoming aware of a data breach.

Communicate to affected data subjects without undue delay if the breach poses a high risk to their rights and freedoms.

Data Protection Impact Assessment (DPIA)

Conduct DPIAs for processing operations that may result in high risk to data subject rights and freedoms.

Consult with the supervisory authority prior to processing if the DPIA indicates high risk in absence of mitigating measures.

Review and update DPIAs regularly or when significant changes in data processing occur.

Data Transfer Outside the EU

Ensure that data transferred outside the EU is protected by appropriate safeguards.

Verify that third countries or international organizations ensure an adequate level of data protection.

Use legally approved mechanisms for data transfer such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs).

Training and Awareness

Provide regular GDPR training to all employees involved in data processing operations.

Ensure that all employees understand their responsibilities under GDPR.

Keep documentation of training sessions and attendance for accountability.

Template Library Home

GDPR Compliance Checklist

Data Protection Principles

Rights of Data Subjects

Data Controller and Processor Obligations

Data Breach Response and Notification

Data Protection Impact Assessment (DPIA)

Data Transfer Outside the EU

Training and Awareness

Use this template in Manifestly

Template Library Home

GDPR Compliance Checklist

Data Protection Principles

Rights of Data Subjects

Data Controller and Processor Obligations

Data Breach Response and Notification

Data Protection Impact Assessment (DPIA)

Data Transfer Outside the EU

Training and Awareness

Use this template in Manifestly

Ready to take control of your recurring tasks?