Get your free

GDPR Compliance Checklist

Use this free GDPR Compliance Checklist for Excel to manage your projects better.

The General Data Protection Regulation (GDPR) is a legal requirement that demands certain practices for the collection and processing of personal information from individuals who live in the European Union (EU). It doesn’t matter where your company is physically located, if you’re doing business in the EU, you must be compliant. Our GDPR compliance checklist for Excel helps you and your business cover all of the GDPR details.

Why You Need a GDPR Compliance Checklist

The General Data Protection Regulation (GDPR) is a European Union (EU) law to protect the personal data and privacy of EU citizens. Any company doing business in the EU regardless of where it’s headquartered is required to be compliant with GDPR or risk costly fines.

GDPR was adopted by the European Parliament in April 2016, which replaced an antiquated data protection directive from 1995. The law requires that businesses protect the personal data and privacy of EU citizens for any transactions occurring in the EU, but also regulates any extraction of personal data outside the EU.

ProjectManager's free GDPR compliance checklist template
ProjectManager’s free GDPR compliance checklist template for Excel.

There is room for interpretation in the GDPR law, as companies are required to provide a “reasonable” level of protection for personal data. What “reasonable” legally means, however, is not explicitly defined. When it comes to companies getting fined for noncompliance, the governing body of the GDPR has discretion, and that uncertainty is not something a business can allow.

Therefore, having a GDPR compliance checklist makes sure your company is protected. There is only one standard to meet, but it’s a high bar. It’s better to do the work upfront and know you’re in compliance than face what could be wildly varying fines for finding out after the fact.

What Data is Protected Under GDPR?

The personal data that is protected is wide-ranging, from the name, address and ID number to IP address, cookie data and RFID tags to health and racial data to political opinions and sexual orientation.

Which Companies Need to Comply?

Companies must be compliant with the GDPR if they either have a presence in the EU or process the personal data of EU residents. They have to employ more than 250 workers, but fewer than 250 employees if the data process impacts the subjects’ rights. That means most companies, regardless of their size.

Who on Staff Needs to Enforce GDPR?

Most likely, it will be the data controller, data processor and data protection officer (DPO) in your organization who will be responsible for making sure you’re in compliance. Of course, you’ll also be responsible for making sure that outside contractors are also in compliance.

The GDPR states that companies must have a DPO if they’re processing or storing large amounts of EU residents’ data. If you don’t have a GDPR compliance checklist and are non-compliant with GDPR, your organization can be fined up to 20 million euros or four percent of global annual turnover, whichever is higher.

The need to be GDPR compliant is clear and the method to manage that process is to have a GDPR compliance checklist template that can control the process to make sure you haven’t missed anything.

What’s In Our GDPR Checklist

A checklist is self-explanatory. There are columns to collect the various tasks that are required, as well as who owns them, when they’re due, what resources will be needed, etc. You simply fill out the fields to reflect the process at your organization. Then check them off as you complete each one.

That’s simple enough, but with ProjectManager you can supersize your static template into a project management software that gives you more control and transparency into the project.

Importing Your Checklist into ProjectManager

Once you import the checklist into ProjectManager, it populates a Gantt chart, with a task list on the left and a timeline on the right, showing the duration of each task over the length of the project. Now it’s easy to edit the timeline if changes must be applied.

You can also assign each task to a team member, who gets notified and as they update the task, you’re alerted, too. You can monitor the progress of the project on a real-time dashboard that crunches the data into colorful charts and graphs that are easy to read and share, filtered to target the person you’re sending it to.

gantt chart for gdpr projects
ProjectManager’s interactive Gantt chart. Click to learn more

How to Use Our GDPR Compliance Checklist

The following is a list of the tasks and what they involve in order to become compliant with GDPR.

  • Checklist Details: Notes who is completing checklist, like if you have a data protection office, the company, team, if applicable, etc.
  • Briefed on GDPR: You must know the rules set up by GDPR before you can adhere to them; therefore, everyone responsible for the process of compliance must be made aware of what is required.
  • Document Company Data: Know what personal data you hold, where it comes from, who it’s shared with and why it’s held.
  • Review Privacy Notices: Clearly explain the lawful basis for processing data, data retention periods and individual rights in the complaint process to ICO in your privacy notice to customers, and fully comply with GDPR.
  • Individual Rights Protection: Update company communications regarding the rights and freedoms of people and their data to customers.
  • Prepare for Access Requests: With more rights to individuals granted by GDPR, provide appropriate means to access that data.
  • Identify Lawful Processing Activity: When processing data, the documentation must be based on the justifications stated by the ICO.
  • Seeking, Recording and Managing Consent: Apply new consent rules and procedures to seek, record and manage consent.
  • Age Verification: Find out if you need to add protection for minors.
  • Prepare Procedure for Data Breach: Set up detection, reporting and investigation of a data breach.
  • Perform Needed Assessments: Make sure you’re following ICO guidelines to deliver privacy by design.
  • Appoint Data Protection Officer (DPO): If you haven’t appointed a DPO, do so. They are the lead on all GDPR processes.
  • Who Is Your Supervisory Authority: Depending on where you do business, there might be a different authority to report to, so you must know which one supervises you and your territory.

Related Content on ProjectManager

ProjectManager is more than just an award-winning software, it’s a virtual project management library. Browse hundreds of training videos, project management templates and industry blog posts, but first, take a look at these recent and relevant articles published on our site.

Use ProjectManager For IT Security Projects

ProjectManager is a cloud-based project management software that features all the tools you need to control and manage your project. Becoming GDPR compliant is a big and important project, and ProjectManager helps you make sure that you get the work done right and on time. From a real-time dashboard to track progress to kanban boards that visualize workflow and online Gantt charts to schedule collaboratively, ProjectManager is your one-stop-shop for project success. Try it free with this 30-day trial.


This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this paper as legal advice, nor as a recommendation of any particular legal understanding.