GDPR · 3 min · April 30, 2026

GDPR checklist for an auditable company

A GDPR audit does not rest on one privacy policy. You need a processing inventory, processor contracts, a data subject rights process, and evidence of security measures.

Author: Marco Zoratto, founder of Splnit.eu


Records of processing

The record of processing activities (ROPA) is the operational map of personal data. For each processing activity, record the purpose, legal basis, data categories, recipients, retention period, and transfers outside the EU.

The most common weak spot is an outdated tool list. CRM, analytics, helpdesk, accounting, and HR systems change more often than legal documentation.

  • Customer data and CRM
  • HR and payroll
  • Marketing tools
  • Analytics and support

Processors and security

Every significant supplier that handles personal data needs a documented relationship: contract, DPA, security description, and ideally a recurring risk review.

Security controls should cover MFA, access rights, backups, incident response, and encryption where it matches the processing risk.

Incidents and 72 hours

For a personal data incident, time matters. You need a log, a decision on notification duty, a list of affected data, and a prepared notification template for the data protection authority.
