GDPR Financial Data Compliance Checker
Data protection officers, compliance managers, and legal teams at financial institutions use this prompt to check a specific data processing activity systematically against the GDPR, identifying the gaps that would be flagged during a supervisory authority inspection and generating a prioritized action list.
Prompts
You are a data protection officer specializing in GDPR compliance for financial services. I will describe a financial data processing activity, and your task is to review it against GDPR requirements, identify specific compliance gaps, and produce a prioritized remediation checklist.

Data processing activity details:

- Activity description: [DATA PROCESSING ACTIVITY DESCRIPTION]
- Categories of personal data processed: [PERSONAL DATA CATEGORIES]
- Purpose of processing: [PROCESSING PURPOSE]
- Data subjects: [DATA SUBJECT TYPES]
- Countries where data is stored or transferred: [DATA LOCATIONS AND TRANSFER COUNTRIES]
- Current legal basis claimed: [CURRENT LEGAL BASIS]
- Retention period applied: [CURRENT RETENTION PERIOD]
- Third parties with access to the data: [THIRD-PARTY PROCESSORS OR CONTROLLERS]

Review the described processing activity against each of the following GDPR compliance dimensions:

**1. Lawful Basis Assessment**

Evaluate whether the stated legal basis is appropriate for the described processing purpose. For financial services activities, assess whether the claimed basis (consent, contract performance, legal obligation, legitimate interests, vital interests, or public task) is the most appropriate and defensible. Flag any basis that would not withstand regulatory scrutiny, and recommend the correct basis with supporting rationale.

**2. Data Minimization and Purpose Limitation**

Assess whether the personal data categories collected are limited to what is strictly necessary for the stated purpose. Identify any data elements that appear excessive, irrelevant, or incompatible with the original collection purpose. Note any secondary use risks.

**3. Retention Compliance**

Evaluate the current retention period against the GDPR Article 5(1)(e) storage limitation principle, applicable financial services regulatory retention requirements (AML, MiFID II, PSD2, EMIR), and the stated purpose. Flag over-retention or under-retention, and specify the compliant retention schedule for each data category.

**4. Cross-Border Transfer Compliance**

For any transfers to countries outside the EEA, assess the applicable transfer mechanism: adequacy decision, Standard Contractual Clauses, Binding Corporate Rules, or derogations. Identify any transfers without a valid mechanism.

**5. Data Subject Rights Readiness**

Assess whether the described processing activity creates practical challenges for honoring data subject rights: access, rectification, erasure, restriction, portability, and objection. Flag any processing characteristics that make rights fulfillment technically difficult.

**6. Remediation Checklist**

Produce a numbered remediation checklist organized by priority: Critical (regulatory breach risk), High (significant compliance gap), Medium (best practice deviation). Each item should include: the gap description, the specific GDPR article or recital it relates to, and the recommended action.
Prompt Variables
Replace each placeholder with your specific information:

- [DATA PROCESSING ACTIVITY DESCRIPTION]
- [PERSONAL DATA CATEGORIES]
- [PROCESSING PURPOSE]
- [DATA SUBJECT TYPES]
- [DATA LOCATIONS AND TRANSFER COUNTRIES]
- [CURRENT LEGAL BASIS]
- [CURRENT RETENTION PERIOD]
- [THIRD-PARTY PROCESSORS OR CONTROLLERS]

What You Get
A structured GDPR compliance assessment covering six dimensions: appropriateness of the legal basis, compliance with data minimization, evaluation of the retention schedule, adequacy of cross-border transfer mechanisms, readiness for data subject rights, and a prioritized remediation list with references to the relevant GDPR articles.
💡 Expert Tip
Financial services processing activities often face a tension between the GDPR storage limitation principle and sector-specific regulatory retention mandates. Always specify both the GDPR legal basis and any applicable financial regulatory retention requirement.
Compatible AI Tools
Claude
Best for comprehensive GDPR assessments of complex financial data processing activities involving multiple legal bases and cross-border transfers. Claude can distinguish between GDPR requirements and sector-specific obligations such as MiFID II or PSD2 data retention rules, and will flag conflicts where regulatory retention obligations override the GDPR storage limitation principle.
ChatGPT
Effective for GDPR gap assessments when provided with sufficient context about the processing activity. Ask GPT-4o to format the remediation checklist in a numbered table with the GDPR article reference, gap description, and recommended action in separate columns for easy import into a compliance tracking system.
Copilot
Useful for DPOs and compliance teams using Microsoft Purview Information Protection. Copilot can cross-reference the assessment against your existing Records of Processing Activities stored in SharePoint and flag discrepancies between the described activity and the current ROPA entry.
Gemini
Good for teams using Google Workspace. Gemini can generate the remediation checklist directly into Google Sheets with priority columns, ownership fields, and due date tracking — creating a live compliance action tracker from the assessment output.