# GDPR Adequacy Checklist
## Governance & Breach Protocols
- DPO appointed and documented
- 72-hour breach notification process defined
## Consent & Data Collection
- No pre-ticked marketing consent boxes
- Explicit consent required for birthday listings
## Sensitive Data Handling
- Medical data restricted to "unwell" status
- Dietary data shared only with explicit consent
## International Data Transfers
- Photo/video sharing audited for adequacy mechanisms
