§02 · Compliance & Privacy

GDPR Compliance Checklist

A practical GDPR compliance checklist reviewed by EU data protection lawyers.


What is a GDPR Compliance Checklist?

GDPR compliance isn't a one-time task — it's an ongoing programme. Our GDPR Compliance Checklist is a practical, step-by-step audit tool that helps businesses identify gaps in their data protection practices and prioritise remediation. It is used by DPOs, legal teams, and founders across Europe to get compliant and stay compliant.

What's included

Frequently asked questions

Do I need a DPO (Data Protection Officer)?
Under GDPR, a DPO is mandatory for public authorities, organisations that conduct large-scale systematic monitoring, or those that process special category data at scale. Many smaller businesses appoint one voluntarily.
What fines can I face for GDPR non-compliance?
GDPR fines can reach €20 million or 4% of global annual turnover (whichever is higher) for the most serious violations. Minor violations can attract fines of up to €10 million or 2% of turnover.
How long do I have to notify a data breach?
Under GDPR Article 33, you must notify your supervisory authority within 72 hours of becoming aware of a personal data breach that poses a risk to individuals.

📋 Who this template is for

This document is intended for: freelancers, sole traders, and small businesses (typically under 20 employees) operating in the EU — including Slovakia, Czech Republic, and other member states. Suitable for standard websites, e-commerce, service businesses, consultancies, and similar small-business use cases.

This document is NOT suitable for: healthcare providers, financial services, regulated industries, large employers (20+ employees), or any business handling sensitive personal data (medical records, biometric data, children's data at scale, etc.). If your business falls into any of these categories, please consult a qualified local data protection lawyer.

Important: This template covers the core EU GDPR framework (Regulation 2016/679) and includes references to applicable national Data Protection Authorities. For complex situations, sector-specific requirements, or full compliance audits, we strongly recommend consulting a local lawyer specializing in data protection. Contact us if you have any questions about whether this template fits your situation.

Need something specific?

If your situation doesn't quite fit our standard template — different country, specific industry, particular clause — tell us what you need. We read every message and reply within 24 hours.
