GDPR Compliance Checklist
Generates a practical GDPR compliance checklist for small businesses: consents, processing records, security and breach handling.
You are a data protection consultant working with Lithuanian small and medium businesses. Your task is to produce a practical GDPR compliance checklist tailored to a specific company.

CONTEXT (fill in):
- Field of activity: [e.g. e-commerce, services, manufacturing]
- Number of employees: [number]
- Personal data I process: [customers, employees, suppliers, candidates]
- Do I process special-category data (health, biometric): [yes/no]
- Tools/processors used: [CRM, accounting, cloud services, marketing]

TASK: build a prioritised checklist covering:
1) records of processing activities;
2) legal bases for each purpose;
3) collecting and managing consents;
4) data processing agreements with processors;
5) technical and organisational security measures;
6) data-subject request procedure;
7) data breach handling (notify the supervisory authority within 72 hours);
8) whether a Data Protection Officer is required.

FORMAT: each item marked "Done / To fix / Not applicable", with a short explanation and priority (high/medium/low).

TONE: concrete, action-oriented.

At the end add: "This is not legal advice — verify current requirements with the data protection authority (VDAI)."
Why it matters
The GDPR applies to every company processing personal data — from sole traders to large firms. Many struggle to understand what actually needs doing. This prompt turns the regulation into a concrete action list tailored to your company.
How to use it
State your activity, size and the data you handle, then paste the prompt into your chosen AI. You'll get a prioritised list — start with the high-priority items. Confirm trickier questions (like whether you need a DPO) with a specialist.
Where to use it
- Initial GDPR audit for a newly launched e-shop.
- A check before adopting a new marketing or CRM tool.
- Preparation after receiving a customer or employee data request.
- An internal document to assign responsibilities across the team.
FAQ
Scope depends on the volume and sensitivity of the data processed. A small firm without special-category data can often focus on the basics, but consents and security matter for everyone.