1. Template 09.07: Data & Privacy Sheet (GDPR)
1. Use Case & Purpose Limitation
- Project: [name]
- Purpose of processing: [1–3 sentences, concrete]
- Why data is needed: [link to purpose, not "just in case"]
2. Data Categories
Tick + describe:
- [ ] Identification data (name, email, ID)
- [ ] Contact/communication (tickets, emails, chat)
- [ ] Financial (invoices, payments)
- [ ] Behaviour/usage (clicks, sessions)
- [ ] Special categories of personal data (health, biometrics, etc.) → only with explicit justification
3. Legal Basis & Transparency
- Legal basis (GDPR): [consent / contract / legitimate interest / legal obligation]
- Transparency required to data subjects? [Yes/No] If yes: where is this communicated? [link/text]
4. Data Flow & Vendors
- Sources: [systems/teams]
- Processors / vendors: [name + where processed? EU/US]
- Data leaving EU/EEA? [Yes/No] If yes: which safeguards (SCC, etc.)? [describe briefly]
5. Minimisation & Retention Periods
- Which fields are really necessary: [list]
- Log retention: [90 days / 12 months / other + motivation]
- Pseudonymisation/anonymisation: [what do we do?]
6. DPIA (Data Protection Impact Assessment)
- DPIA required? [Yes/No/Unclear]
- Why: [fill in trigger]
- Action: [Involve DPO + deadline]
7. Access Management
- Who has access to raw data: [roles]
- Who may change prompts/settings: [roles]
- Audit trail present: [Yes/No]
8. Risks & Mitigations (brief)
| Risk | Impact | Mitigation | Owner |
|---|---|---|---|