
Company Name:

GDPR COMPLIANCE CHECKLIST TEMPLATE

| Done | Summary Task | Task Detail | Measures Required | Resources Required | Assignee | Planned Effort | Planned Due Date | Actual Effort | Actual Due Date | Notes |
|---|---|---|---|---|---|---|---|---|---|---|
| | Checklist Details | Who is completing the checklist, DPO, team, etc. | | | | | | | | |
| | Briefed on GDPR | Make sure all parties in the company know GDPR | | | | | | | | |
| | Document Company Data | What data is held, stored, where does it come from, etc. | | | | | | | | |
| | Review Privacy Notices | Update to comply with GDPR | | | | | | | | |
| | Individual Rights Protection | Update your users with rights and freedom of data under GDPR | | | | | | | | |
| | Prepare for Access Requests | Comply with the GDPR rule to give users more access to their data | | | | | | | | |
| | Identify Lawful Processing Activity | The ICO has six lawful justifications to follow. | | | | | | | | |
| | Seeking, Recording and Managing Consent | Comply with ICO consent requirements. | | | | | | | | |
| | Age Verification | Note if age verification is required | | | | | | | | |
| | Prepare procedure for data breach | Develop detection, reporting and investigating procedures in case of data breach | | | | | | | | |
| | Perform needed assessments | Make sure you're in compliance with GDPR Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) | | | | | | | | |
| | Appoint Data Protection Officer (DPO) | If not already in place, appoint this lead on the GDPR checklist and GDPR at large | | | | | | | | |
| | Who Is Your Supervisory Authority | If you do business in more than one EU state, identify the authority that supervises you in each | | | | | | | | |

Disclaimer

This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this paper as legal advice, nor as a recommendation of any particular legal understanding.

How to Use This GDPR Compliance Checklist

The following is a list of the tasks and what they involve in order to become compliant with GDPR.

Checklist Details: Notes who is completing the checklist, like if you have a data protection office, the company, team, if applicable, etc.

Briefed on GDPR: You must know the rules set up by GDPR before you can adhere to them; therefore, everyone
responsible for the process of compliance must be made aware of what is required.

Document Company Data: Know what personal data you hold, where it comes from, who it's shared with and why
it's held.

Review Privacy Notices: In your privacy notice to customers, clearly explain the lawful basis for processing data, data retention periods and individual rights in the complaint process to the ICO, and fully comply with GDPR.

Individual Rights Protection: Update company communications to customers about the rights and freedoms of people and their data.

Prepare for Access Requests: With more rights granted to individuals by GDPR, provide appropriate means to access that data.

Identify Lawful Processing Activity: When processing data, the documentation must be based on the
justifications stated by the ICO. 

Seeking, Recording and Managing Consent: Apply the new consent rules and procedures to seek, record and manage consent.

Age Verification: Find out if you need to add protection for minors.

Prepare Procedure for Data Breach: Set up detection, reporting and investigation of data breaches.

Perform Needed Assessments: Make sure you're following ICO guidelines to deliver privacy by design.

Appoint Data Protection Officer (DPO): If you haven't appointed a DPO, do so. They are the lead on all GDPR
processes. 

Who Is Your Supervisory Authority: Depending on where you do business, there might be a different authority to report to, so you must know which one supervises you and your territory.
