
GDPR Compliance Checklist for SMEs

Practical GDPR compliance checklist covering lawful basis, data mapping, privacy notices, consent management, subject rights, DPIAs, and ICO registration.

GDPR (UK GDPR post-Brexit) applies to any organisation processing personal data of individuals in the UK or EU. Non-compliance can result in fines up to £17.5 million or 4% of global annual turnover under UK GDPR. This checklist covers the key obligations every organisation must address.

On this page

  • Lawful Basis for Processing
  • Data Mapping & Records of Processing (RoPA)
  • Data Subject Rights Compliance
  • Personal Data Breach Response Checklist

Lawful Basis for Processing

You must have a lawful basis before processing

GDPR Article 6 requires a lawful basis for every processing activity. Document your basis in a Record of Processing Activities (RoPA). You cannot retroactively choose a different basis if challenged.

| Lawful Basis | When It Applies | Example | Key Restriction |
|---|---|---|---|
| Consent | Data subject has given clear, unambiguous, freely given consent | Newsletter subscriptions, marketing cookies | Must be withdrawable at any time; no pre-ticked boxes |
| Contract | Processing necessary to fulfil a contract with the individual | Processing customer address to deliver an order | Only use what's necessary for the contract |
| Legal Obligation | Processing required by UK law | PAYE payroll, right-to-work checks | No opt-out; document the specific legal requirement |
| Vital Interests | Necessary to protect someone's life | Emergency medical situations | Rarely applicable outside healthcare |
| Public Task | Exercise of official authority or public interest task | Local government, public health bodies | Must have clear lawful power/duty |
| Legitimate Interests | Balanced against individual's rights and interests | Fraud prevention, network security, direct marketing | Must document LIA (Legitimate Interests Assessment) |

Data Mapping & Records of Processing (RoPA)

Data Subject Rights Compliance

Personal Data Breach Response Checklist

72-hour ICO notification deadline

Under UK GDPR Article 33, if a breach is likely to result in risk to individuals' rights and freedoms, you must notify the ICO within 72 hours of becoming aware. Many organisations miss this deadline. Have a response plan ready.

© 2026 DeediX Technologies. RC:1976012