Lumiform Mobile audits & inspections

GDPR compliance template

Every company is unique. Since the GDPR (General Data Protection Regulation) takes a risk-based approach to data protection, each company must create, review and evaluate its own procedures for collecting and storing personal data. Legal advice may also be sought to ensure that business practices comply with the provisions of the GDPR. This GDPR compliance checklist lets you check step by step whether a company is GDPR compliant.

Say goodbye to paper checklists!

Lumiform enables you to conduct digital inspections via app easier than ever before
  • Cut inspection time by 50%
  • Uncover more issues and solve them 4x faster
  • Select from over 5,000 expert-proofed templates

GDPR Compliance Checklist

Assessment of the Current Situation

What personal data is collected/stored?
Has this personal data been collected in a lawful manner?
Is it ensured that the personal data is not kept longer than necessary and is always kept up to date?
Is personal data kept in a safe and secure environment, and is a level of security appropriate to the risk ensured?
Is encryption or pseudonymisation required to protect the stored personal data?
Is access to personal data restricted so that it is used only for its intended purpose?
Are special categories of personal data (so-called "sensitive data" under Art. 9 GDPR, such as biometric or genetic data) or children's data collected and processed?
Is personal data transferred outside the EU?
Has a data protection officer been appointed where one is required?

GDPR Project Plan

Are there sufficient resources and funding to implement and monitor the GDPR provisions?
Does a data protection impact assessment need to be performed?
Has a policy on "privacy by design and by default" been implemented to ensure a systematic evaluation of the potential impact of a project or initiative on the privacy of individuals?
Has the handling of employee data been considered in the plan?

Procedures and controls

Does the security team have the necessary knowledge and competencies to meet its obligations related to the GDPR, as well as sufficient resources to implement any necessary changes or new procedures?
Are adequate procedures in place to handle data subject requests for access to, rectification of, or erasure of personal data?
Are data breach notification procedures in place that comply with the GDPR's notification obligations (notifying the supervisory authority without undue delay and, where feasible, within 72 hours under Art. 33, and affected data subjects where required under Art. 34)?
Are employees fully trained in EU data protection to handle data in compliance with the rules?
Is the stored data regularly assessed and audited?

Has a privacy policy been implemented?
Are clearly defined policies in place regarding the length of time various personal data is retained - be it customer, prospect, vendor, or employee data?
Are internal procedures documented to a sufficient extent?
Do contracts comply with the mandatory provisions of Art. 28 of the GDPR?
Are contracts with third-party providers who process personal data for the company designed in such a way that they comply with the requirements for processors set out in the GDPR?