GDPR prompt library overview

What you'll find in this library

This GDPR prompt library provides ready-to-use prompts for achieving and maintaining compliance with the EU General Data Protection Regulation. Each prompt is designed to help you work with ISMS Copilot to generate practical, actionable outputs aligned with GDPR requirements.

How to use these prompts

Copy and customize: All prompts use [brackets] to indicate where you should insert your specific details. Replace these placeholders with your organization's information.

Iterate for depth: Start with scoping and assessment prompts, then drill down into specific articles or data processing activities. Ask follow-up questions to expand sections or address edge cases.

Upload context: For best results, upload your existing privacy policies, data inventories, or processing records to your workspace before using these prompts.

Create a dedicated workspace for GDPR compliance to keep all privacy-related conversations, files, and generated documents organized in one place.

Prompt categories

The library is organized to match the GDPR compliance lifecycle:

Data protection assessment

Prompts for understanding your data processing activities, conducting Data Protection Impact Assessments (DPIAs), and mapping GDPR applicability to your operations.

Privacy policies and notices

Generate GDPR-compliant privacy policies, privacy notices, data subject communications, and consent mechanisms that meet transparency requirements.

Data subject rights procedures

Create procedures and response templates for handling data subject access requests (DSARs), erasure requests, portability, and other rights under Articles 15-22.

Security and technical measures

Design technical and organizational measures (TOMs) to ensure data security, implement privacy by design, and demonstrate compliance with Article 32 security requirements.

Documentation and accountability

Develop Records of Processing Activities (RoPA), data protection policies, accountability frameworks, and audit-ready documentation demonstrating GDPR compliance.

Best practices for GDPR prompts

Specify your role and jurisdiction: GDPR obligations vary for controllers vs. processors, and for organizations in vs. outside the EU. Always clarify your status.

Reference specific GDPR articles: Use article numbers (e.g., "Article 6 lawful basis" or "Article 35 DPIA") to ensure accurate, regulation-aligned responses.

Consider data subject categories: GDPR requirements may differ for customers, employees, children, or special category data. Specify the data subjects involved.

Validate with legal counsel: GDPR has legal and regulatory consequences. Always review generated content with qualified legal or data protection professionals.

ISMS Copilot generates draft content to accelerate your GDPR compliance work. All outputs should be reviewed by your legal team and Data Protection Officer to ensure they accurately reflect your processing and comply with current guidance.

Workflow example

Here's how to use this library for comprehensive GDPR compliance:

  1. Assess your scope: Use data protection assessment prompts to map processing activities and determine GDPR applicability

  2. Establish lawful basis: Identify lawful bases for each processing activity using assessment prompts

  3. Create transparency documents: Generate privacy policies and notices with the privacy policies prompts

  4. Implement data subject rights: Build procedures and templates for handling DSARs and other rights

  5. Design security measures: Use security prompts to document technical and organizational measures

  6. Build accountability documentation: Create RoPAs, policies, and compliance records

  7. Conduct DPIAs: For high-risk processing, use DPIA prompts to assess and mitigate risks

GDPR compliance is ongoing, not a one-time project. Use these prompts regularly to update documentation as your processing activities evolve.