Templates and checklists

Checklist · Governance

Annual Compliance Review Checklist

A yearly check across the key areas of the Act to keep your business on track.

Editable checklist
This is a general starting template, not legal advice. Adapt it to your business and have it reviewed before you rely on it. Text in square brackets is for you to complete.

Annual Compliance Review Checklist

Run this once a year, and whenever you adopt a new tool, partner, or data use.

Know your data

  • [ ] Your record of what personal data you hold and why is up to date.
  • [ ] You have removed or securely disposed of data you no longer need.

Transparency

  • [ ] Your privacy notice still matches what you actually do.
  • [ ] Any new data uses this year are reflected in the notice.
  • [ ] Each processing activity still has a clear lawful basis.
  • [ ] Marketing consents and opt-outs are being honoured.

Rights and requests

  • [ ] You can handle access and correction requests on time.
  • [ ] Any requests this year were logged and answered properly.

Security

  • [ ] Access rights are still correct, and leavers have been removed.
  • [ ] Backups exist and have been tested.
  • [ ] Software and devices are up to date.

Processors and sharing

  • [ ] Your list of processors is current, with written contracts in place.
  • [ ] Data sharing arrangements still have a basis and disclosure.

Incidents

  • [ ] Any breaches this year were recorded and learned from.
  • [ ] Your breach response plan is current and known to staff.

Action

  • [ ] Gaps found this year are written up as dated, owned tasks.
Legal note. This is a general checklist, not legal advice. Adapt it to your business and confirm specifics against the Act.