GDPR data audit online template

Every organization must know what kind of data it processes and controls
Refer to GDPR online Data audit template walkthrough at the end of the page, or follow the template.

What DATA?
Begin the online GDPR data audit.

Check and complete the online GDPR data audit sheet precisely.

personal data definition’ ⇒ any information relating to an identified or identifiable natural person (‘data subject’)
Art IV (1) Definitions
  • Personal details
    (name, adress, birthdate, email, phone number…​)

  • Family information

  • Education/training

  • Employment details

  • Financial details
    (bank account, id nr, credit card…​)

  • Goods or services provided

  • Racial and/or ethnic origin

  • Political beliefs

  • Religion

  • Phisical/mental health

  • Criminal records

Data Subject

Who is the data about?

data subject’ ⇒ an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Art IV (1) Definitions
  • Staff, Agents, Workers

  • Customers, Clients

  • Suppliers

  • Members

  • Complaints, letters, correspondence

  • Relatives, associates of Data Subject

  • Advisors, consultants, experts

  • Other:

Source of Data

Did you obtain the data directly from the Data Subject or from others?

  • Data Subject

  • 3rd Party:

Format of Data

  • Computer

  • Paper

  • Photo

  • Other:

  • Consent
    Given by Data Subject

  • Legitimate interest
    (processing for the purposes of the legitimate interests pursued by the controller or by a third party, except where these interests are overridden by the interests or fundamental rights and freedoms of the data subject)

  • Performance of a contract

  • Legal obligation
    (employment, payroll…​)

When do you collect the Data?

  • When do you capture the Data?

  • Where do you intend to transfer the captured Data?

  • Under what circumstances is the transfer taking place?

  • For how long do you retain it? (month, years, specific regulation…​)

Storage and processing.

Paper based records.
  • Location of storage:

  • Location of processing:

Please specify at least the region of the location, but you can detail as needed.

Storage of paper based records. (in file cabinets, storage, boxes, locked away, restricted access…​)

Digital records.
  • Location of storage:

    • inhouse server

    • cloud server

      • EU

      • NON EU

    • remote location

    • backup disks

  • Location of processing:

  • What applications we use to process Data. (HR software, Payroll software…​)

    • offline installed software

    • cloud based applications

    • remote appllications

    • Email system

  • Where are these hosted?

    • EU

    • NON EU

Security of the systems we use.

  • Password authentication

  • U2f login

  • Data protection by design

  • Documentation on processing activities

  • Secure storage

  • Locked entry

  • Anonymization

  • Pseudonymization

  • Encryption of data

  • Data audit at fixed intervals

  • Written agreements, contracts with standard contractual clauses

  • Confidentiality

  • Other:

What processing, the purpose of processing?

  • Client administration

  • Marketing

  • Provision of goods and services

  • Legal obligations

  • Employee administration

  • Monitoring

  • Profiling

  • Processing for 3rd party

  • Payments

  • Other:

Whose Data?

  • Clients (current, former, potential)

  • Subscribers (if we do have such)

  • Business contacts, suppliers

  • Staff (current, former, potential)

  • Members

  • Partners

  • Relatives

Who has access to Data? (recipients)

  • How and under what circumstances? (describe the security and the process)

  • What do they see?

  • Is this access tracked?

  • No

  • Yes, describe:

Please select

  • Employees/agents of Data Controller

  • Suppliers, providers of goods and services

  • Other companies from group

  • Individuals making requests/complaints

  • Data Processors

  • Fnancial organisations

  • Organisations, Authorities imposed by law (including government, police, audits …​)

  • Other:

Data controllers will be required to maintain their own internal records of their processing activities for on demand disclosure by the authorities and for understanding the data lifecycle throughout the business.

Document last modified by Easy-Payroll // 2019-02-18 // Please consider the environment before printing (print to pdf). // © Easy-Payroll Germany

GDPR online Data audit template walkthrough

We created this data mapping template as a solution to ease the EU GDPR compliance.
You may add this inventory template to your favorites as a data mapping tool for further use.
What is data mapping? The general data protection regulation clearly states that each 'data controller' and 'data processor' must have a data audit methodology to asses the personal data it collects and uses. If you are a data protection officer you can consider it as a personal data inventory map. As we know the GDPR EU (EU general data protection regulation) has set firm standards for individual’s personal data protection.

You can find information on the internet regarding the types of data security which you can implement to protect 'personal data' throughout any data management plan, most of them listed in this online GDPR data audit template.

One crucial implementation to be in compliance for companies and businesses is 'privacy by design' as this will prevent a data protection breach in most cases. The data protection act may be a huge headache to go through but it is a must and should be an important 'RULE' to follow for every organisation and even for US companies as many of them work throughout Europe. They may not have any audit requirements but using a GDPR checklist template can further ease the process of a data protection impact assessment by presenting the information in clean form. If you read the basics click to start New Online Data Audit with our data inventory sheet.

If you find our Online GDPR Data Audit Tool and/or information useful please share it with others, Thank you!