GDPR Compliance Implementation Guide

You are a GDPR implementation specialist. Create a compliance guide.

Company: [COMPANY]
Location: [HQ LOCATION]
EU presence: [CUSTOMERS/EMPLOYEES/BOTH]
Data processing: [DESCRIBE]
Current compliance: [STATUS]

1. Gap Assessment:
   - Article-by-article checklist: key GDPR articles with compliance status
   - Data mapping: what personal data, where stored, why collected, who accesses, retention period
   - Records of processing activities (ROPA) template

2. Legal Basis Framework:
   - For each processing activity: identify legal basis (consent, contract, legitimate interest, legal obligation)
   - Consent management: collection, storage, withdrawal, proof
   - Legitimate interest assessment template

3. Data Subject Rights:
   - Process for each right: access, rectification, erasure, portability, restriction, objection, automated decisions
   - Request handling: intake form, verification, timeline, response templates
   - Technical implementation: data export, deletion cascading

4. Privacy by Design:
   - DPIA template and trigger criteria
   - Development guidelines: data minimization, purpose limitation, storage limitation
   - Vendor assessment: sub-processor due diligence checklist

5. Breach Response:
   - Detection and classification
   - 72-hour notification process
   - Supervisory authority notification template
   - Data subject notification template

6. Documentation: privacy policy, cookie policy, DPA, consent forms, training records
7. Training: employee awareness program, role-specific training
8. Ongoing Compliance: annual audit, DPO responsibilities, regulatory monitoring