GDPR Compliance Checklist Template
save
save
copy
downloadDownload
save
save
save
copy
copy

GDPR Compliance Checklist

I. Compliance Overview

Organizations can use this checklist to assess the GDPR compliance status of third-party vendors and partners with whom they share personal data, ensuring they adhere to the required standards.

Responsible Party: [YOUR NAME]

Date of Last Review: June 9, 2050

Next Scheduled Review: June 9, 2051

II. Vendor Assessment

  • Identify all third-party vendors and partners that handle personal data.

  • Check vendor contracts for GDPR compliance clauses.

  • Assess the necessity and proportionality of sharing personal data with each vendor.

III. Data Processing Agreement (DPA)

  • Ensure that a Data Processing Agreement (DPA) is in place with each vendor.

  • Verify that the DPA includes clauses required by GDPR Article 28.

  • Confirm the DPA details of both parties' data protection responsibilities.

IV. Data Security Measures

  • Evaluate the security measures implemented by vendors to protect personal data.

  • Verify encryption methods, access controls, and data breach response procedures.

  • Assess the physical and logical security of data storage facilities and systems.

V. Data Transfer Safeguards

  • Check if vendors transfer personal data internationally and evaluate their safeguards.

  • Ensure vendors follow GDPR rules for data transfers outside the EEA.

  • Review data transfer mechanisms like SCCs or BCRs.

VI. Data Subject Rights

  • Confirm that vendors have processes in place to fulfill data subject rights requests.

  • Ensure vendors meet GDPR response timelines for data subject requests.

  • Review data subject rights: access, rectification, erasure, and portability procedures.

VII. Data Breach Notification

  • Verify that vendors have procedures to detect, report, and investigate data breaches.

  • Ensure vendors report data breaches promptly and review response procedures.

VIII. Data Minimization and Retention

  • Limit vendors to collecting and processing only the necessary personal data.

  • Ensure vendors delete or anonymize unneeded personal data.

  • Review and ensure contract data retention complies with GDPR.

IX. Subprocessing Controls

  • Assess vendors' practices for engaging subprocessors and ensure GDPR compliance.

  • Ensure vendors get pre-approval before using subprocessors.

  • Review subprocessor agreements for GDPR compliance.

X. Privacy by Design and Default

  • Evaluate vendors' adherence to privacy by design and default principles.

  • Ensure vendors prioritize data protection and privacy in their products.

  • Review vendor DPIAs.

XI. Training and Awareness

  • Ensure vendors train employees on GDPR and data protection.

  • Verify that vendors maintain records of employee training and awareness activities.

  • Assess vendor communications for GDPR commitment.

XII. Auditing and Monitoring

  • Set up systems to audit and monitor vendor GDPR compliance.

  • Conduct regular assessments or audits of vendor practices and controls.

  • Review audit reports and address identified issues promptly.

XIII. Completion and Sign-off

By checking the box below, I acknowledge that I have reviewed and completed the GDPR compliance checklist for vendor management.

Completed by: [YOUR NAME]

Date: June 9, 2050

Compliance Templates @ Template.net