GDPR applies to anyone processing data of EU citizens. The checklist below is for developers.
Legal Basis
- ☐ Consent or legitimate interest defined
- ☐ Cookie consent implemented
- ☐ Privacy policy current and understandable
- ☐ Data Processing Agreement with suppliers
Subject Rights
- ☐ Right to access (data export)
- ☐ Right to erasure (delete API)
- ☐ Right to rectification
- ☐ Right to portability (JSON/CSV export)
- ☐ Right to restrict processing
Technical Measures
- ☐ Encryption at rest and in transit
- ☐ Pseudonymization/anonymization where possible
- ☐ Access control and audit logs
- ☐ Data minimization (collect only what is necessary)
- ☐ Retention policy implemented
Processes
- ☐ Data Protection Officer (if required)
- ☐ DPIA for high-risk processing
- ☐ Breach notification procedure (72 hours!)
- ☐ Regular processing audit
- ☐ Employee training
Warning
Fines can reach up to 4% of annual turnover or €20M. Take GDPR seriously.