What is a GDPR Compliance Checklist?
GDPR compliance isn't a one-time task — it's an ongoing programme. Our GDPR Compliance Checklist is a practical, step-by-step audit tool that helps businesses identify gaps in their data protection practices and prioritise remediation. Used by DPOs, legal teams, and founders across Europe to get compliant and stay compliant.
What's included
- Data audit: what data you hold, why, and for how long
- Legal basis assessment for all processing activities
- Privacy notice review (Articles 13 & 14)
- Consent mechanisms and records
- Data Subject Rights procedures (access, erasure, portability)
- Third-party processor review and DPA checklist
- Breach notification procedure
- International transfer assessment (SCCs, adequacy decisions)
- Staff training and awareness checklist
- Technical and organisational security measures (TOMs)
Frequently asked questions
Do I need a DPO (Data Protection Officer)?
Under GDPR, a DPO is mandatory for public authorities, organisations that conduct large-scale systematic monitoring, or those that process special category data at scale. Many smaller businesses appoint one voluntarily.
What fines can I face for GDPR non-compliance?
GDPR fines can reach €20 million or 4% of global annual turnover (whichever is higher) for the most serious violations. Minor violations can attract fines of up to €10 million or 2% of turnover.
How long do I have to notify a data breach?
Under GDPR Article 33, you must notify your supervisory authority within 72 hours of becoming aware of a personal data breach that poses a risk to individuals.