Overview of a GDPR Compliance Checklist

What is a GDPR Compliance Checklist?

A GDPR Compliance Checklist is used to audit the ways in which companies collect and store data, and how they’re complying with the law.

A GDPR Compliance Checklist is a tool, intended as an aid when creating a record of the personal data held by your company. A comprehensive inventory of personal data held is a fundamental step towards GDPR compliance, as well as general good practice in data privacy protection.

It is structured around reasons for collecting and processing personal data. Please consider all areas of your business when deciding whether or not a section of this form applies to your company.

Who is responsible for ensuring GDPR Compliance?

Many large companies have a Data Protection Officer (DPO), who is responsible for maintaining the data under GDPR Compliance. In essence, the DPO assists data processors or controllers in maintaining data under GDPR compliance.

How do you prove you are GDPR compliant?

To maintain GDPR compliance an organization should work on the following things:

Data Protection Policy: A company should have a valid data protection policy in place for ensuring GDPR compliance.

Data Protection Impact Assessment: You must assess the impact of data protection on a regular basis.

Training Policy: Having a training policy will train employees and data protection officers about the use of data protection.

How to process personal data under GDPR?

For each purpose for processing personal data, you must identify a legal basis for the processing. The GDPR has set out 6 possible legal bases that can be relied on when processing personal data:

Consent: clear consent has been given for the processing of personal data for a specific purpose (consent must be specific to each purpose or opt-in and be easily withdrawn by the data subject, with evidence of this consent).

Contract: the processing is necessary for the performance of a contract you have entered into with an individual, or is necessary to carry out specific steps leading up to entering into a contract.

Legal obligation: the processing is necessary for complying with the law.

Vital interests: the processing is necessary to protect the vital interests of the data subject or another natural person.

Public function: the processing is necessary for a public body to perform a task in the public interest, or an official function.

Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party (applies unless these legitimate interests are overridden by a good reason to protect the individual’s personal data. A separate Legitimate Interest Assessment (LIA) is recommended).


The General Data Protection Regulation is a new privacy law in the European Union that came into force on 25 May 2018. The GDPR regulates the protection of personal data, which includes any information that can be used to identify a person, such as a name, identification number, location data, or online identifier, and a wide range of other types of information. So, following a GDPR Compliance Checklist in an organization ensures your collected data follows necessary GDPR requirements.

You Might Also Like

Along with this document, make sure you see these other templates in our library:

The Zegal Template Library

Zegal's template library represents a complete and curated list of essential and premium business templates that can be used directly, for everyday business needs. Importantly, whether you're a startup or a larger enterprise, you will find that our Zegal automation solution allows anyone to create a legal agreement, any time, anywhere. All without a need for an expensive lawyer. Why do we do this? Well, we think that running your business day-to-day is important, and having these templates at your fingertips allows you to not miss a beat!

Lawyers draft and curate all of our legal templates for ease of understanding using plain English. Just fill out our guided questionnaires, and we will create the contract for you. Using our patent-pending expert rules engine, we automate the creation of complex legal contracts.

Try it for free today!

Ready to get started?

Create a free account now and explore all of the Zegal features.

Get Started

No credit card required
Create Now