UsefulToolkit
GDPR Compliance Checklist
Interactive GDPR compliance checklist with progress tracking.
Lawful Basis for Processing
You have identified a lawful basis for each processing activity
You have documented the lawful basis for each processing activity
You obtain explicit consent where required (consent must be freely given, specific, informed, and unambiguous)
You have a process for individuals to withdraw consent easily
You keep records of consent (who, when, how, what they consented to)
Data Subject Rights
You can respond to Right of Access requests (Subject Access Requests, SARs) within 1 month
You have processes for Right to Rectification requests
You can fulfill Right to Erasure (Right to be Forgotten) requests
You support Right to Data Portability (providing data in machine-readable format)
You have a process for Right to Restrict Processing
You can handle Right to Object requests
You have processes for automated decision-making and profiling objections
Privacy by Design
Data protection is considered at the design stage of new systems/processes
You only collect data that is necessary (data minimization)
You have appropriate data retention periods and delete data when no longer needed
You use pseudonymization or encryption where appropriate
You conduct Data Protection Impact Assessments (DPIAs) for high-risk processing
Documentation & Accountability
You maintain a Record of Processing Activities (ROPA)
You have a documented privacy policy that is clear and accessible
You have appointed a Data Protection Officer (DPO) if required
You have data processing agreements with all processors/sub-processors
You have documented your data flows (what data, where it goes, who accesses it)
Security Measures
You have appropriate technical measures (encryption, access controls, firewalls)
You have appropriate organizational measures (staff training, policies)
You regularly test and evaluate security measures
You have a data breach notification procedure (the supervisory authority must be notified within 72 hours of becoming aware of a reportable breach)
You can notify affected individuals of breaches without undue delay
International Transfers
You have identified all international data transfers
You use appropriate safeguards for transfers outside the EEA (Standard Contractual Clauses (SCCs) or adequacy decisions)
You have documented the legal basis for each international transfer
Website & Marketing
Your website has a compliant cookie consent banner
You have an up-to-date privacy policy on your website
Marketing communications include an unsubscribe option
You obtain opt-in consent for marketing emails
Third-party tracking tools are disclosed in your privacy policy