Before launch
- Define the purpose for collecting the data
- Confirm the minimum data needed for that purpose
- Check where the data is stored and who can access it
- Review vendor or subprocessor involvement
- Confirm retention and deletion expectations
- Identify whether user-facing notices or workflow changes are needed
- Confirm whether the feature changes the RoPA or data inventory
- Identify whether vendors or subprocessors are involved
- Review analytics, logging, and export behavior
- Confirm whether consent, preference, or opt-out flows are affected
- Decide whether a DPIA or deeper privacy review is needed
Why teams use this
It turns privacy review into a repeatable product workflow instead of a last-minute legal checkpoint.
Product questions
Ask:
- What user problem does the feature solve?
- What personal data is required?
- Can the same outcome be achieved with less data?
- Will data be visible to new roles or teams?
- Will data be shared with a new vendor?
- Does the feature introduce new automated decisions or profiling?
- Does the feature affect children, employees, patients, or other sensitive groups?
Engineering questions
Confirm:
- Data location
- Access controls
- Logging behavior
- Retention and deletion logic
- Encryption expectations
- Admin or support access paths
- Export or integration behavior
Review outcome
Close the checklist with one of these outcomes:
- Approved
- Approved with changes
- More information needed
- Requires legal or privacy review
- Requires DPIA or security review before launch