General Data Protection Regulation (GDPR) Checks

This GDPR compliance checklist can be used to conduct an information audit to determine what information is processed, who has access to it, a legal justification for the data processing activities, etc.



GDPR Inspection

1. Is the manager aware of his/her responsibilities as a data controller under GDPR?


2. Is the requested information about an individual really needed?


3. Is the purpose behind the data collection known?


4. Are the people whose information is held aware that their data is collected and recorded?


5. Are the people whose information is collected aware of the purpose their data is likely to be used for?


6. Are people aware of their data protection rights?


7. Is the information being held securely, whether it is on paper or electronically?


8. Is the website secure?


9. Is the personal information collected accurate and up-to-date?


10. Is personal information deleted as soon as there is no need for it?


11. Is access to personal information limited only to those with a strict need-to-know?


12. When putting staff details on the company website, are staff consulted first and is their consent obtained?


13. If staff are monitored, for example by checking their use of email, have they been informed about this and have the reasons for monitoring been explained to them?


14. Are staff trained in their duties and responsibilities under GDPR?


15. Are staff putting GDPR responsibilities into practice?


16. If asked to pass on personal information, are staff clear as to when GDPR allows it?


17. Are clear protocols established in case service users or employees ask for a copy of the information held about them?


18. Is a policy in place for dealing with data protection issues?


19. Does the Information Commissioner need to be notified?


20. If the Information Commissioner is already notified, is the notification up to date, or does it need removing or amending?



Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.
