100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace

GDPR Compliance Cheat Sheet

GDPR Compliance Cheat Sheet

Outlines core GDPR principles, data subject rights, lawful bases for processing, and breach notification requirements for engineering teams.

2 PagesIntermediateJan 25, 2026

Core Principles (Article 5)

The foundational principles that all GDPR processing must satisfy.

  • Lawfulness, fairness, transparency- Processing must have a legal basis and be clearly communicated to data subjects
  • Purpose limitation- Data collected for one purpose cannot be reused for an incompatible purpose
  • Data minimization- Collect only the data necessary for the stated purpose
  • Accuracy- Personal data must be kept accurate and up to date
  • Storage limitation- Data must not be kept longer than necessary; define retention periods
  • Integrity and confidentiality- Appropriate security (encryption, access control) must protect the data
  • Accountability- Controllers must be able to demonstrate compliance, not just achieve it

Lawful Bases for Processing (Article 6)

At least one basis must apply before processing personal data.

  • Consent- Freely given, specific, informed, and unambiguous agreement, revocable at any time
  • Contract- Processing necessary to perform a contract with the data subject
  • Legal obligation- Required to comply with a law the controller is subject to
  • Vital interests- Necessary to protect someone's life
  • Public task- Necessary for a task carried out in the public interest or official authority
  • Legitimate interests- Necessary for the controller's legitimate interest, balanced against the data subject's rights

Data Subject Rights (Chapter III)

Rights individuals can exercise over their personal data.

  • Right to access (Art. 15)- Obtain confirmation and a copy of data being processed about them
  • Right to rectification (Art. 16)- Correct inaccurate or incomplete personal data
  • Right to erasure (Art. 17)- 'Right to be forgotten' - deletion when data is no longer necessary or consent is withdrawn
  • Right to restrict processing (Art. 18)- Limit how data is used while a dispute is resolved
  • Right to data portability (Art. 20)- Receive data in a structured, machine-readable format to transfer elsewhere
  • Right to object (Art. 21)- Object to processing based on legitimate interests or direct marketing

Implementing a Right-to-Erasure Endpoint

Example API pattern for handling GDPR deletion requests.

python
from datetime import datetime, timedeltadef handle_erasure_request(user_id):    # 1. Verify the requester's identity before acting    # 2. Check for legal retention obligations (e.g. tax records)    if has_legal_retention_hold(user_id):        anonymize_user(user_id)  # anonymize instead of hard delete    else:        delete_user_data(user_id)    # 3. Propagate deletion to downstream processors/backups    queue_deletion_for_processors(user_id)    # 4. Respond within one month (Art. 12(3)), extendable by two more    #    months for complex requests    deadline = datetime.utcnow() + timedelta(days=30)    log_erasure_request(user_id, deadline)

Breach Notification Rules (Art. 33-34)

Timelines and thresholds for reporting a personal data breach.

  • 72-hour rule- Notify the supervisory authority within 72 hours of becoming aware of a breach, where feasible
  • Risk assessment- No notification required if the breach is unlikely to result in risk to individuals
  • High-risk breaches- Must also notify affected data subjects directly and without undue delay
  • Documentation- All breaches must be logged internally, even if not reportable to the authority
Pro Tip

Build 'privacy by design' into schema migrations: tag personal-data columns with a retention policy and TTL at creation time, so automated purging runs from day one instead of becoming a manual audit project years later.

Was this cheat sheet helpful?

Explore Topics

#GDPRCompliance#GDPRComplianceCheatSheet#Cybersecurity#Intermediate#CorePrinciplesArticle5#Lawful#Bases#Processing#CheatSheet#SkillVeris
Advertisement
Sri Hayavadhana Info-Tech

Professional Web Designing Services

  • Responsive Websites
  • E-commerce Solutions
  • SEO Friendly Design
  • Fast & Secure
  • Support & Maintenance
Get a Free Quote

Share this Cheat Sheet