# \# GDPR Adequacy Checklist

# 

# \## Governance \& Breach Protocols

# \- DPO appointed and documented

# \- 72-hour breach notification process defined

# 

# \## Consent \& Data Collection

# \- No pre-ticked marketing consent boxes

# \- Explicit consent required for birthday listings

# 

# \## Sensitive Data Handling

# \- Medical data restricted to "unwell" status

# \- Dietary data shared only with explicit consent

# 

# \## International Data Transfers

# \- Photo/video sharing audited for adequacy mechanisms

#