Data Processor Audit Checklist (GDPR)

Summary

This checklist is designed to give a controller a brief overview of topics, questions, and evidence to cover/request during an audit of a data processor. While it is specific to the European Union General Data Protection Regulation (EU GDPR), it applies with equal importance to vendor review under other data protection regulations including U.S. state and federal regulations and other international data protection regimes.