A Checklist outlining the key steps controllers should take when responding to data subjects who exercise their rights under the EU General Data Protection Regulation (GDPR). This Checklist provides a general approach for establishing procedures to respond to data subject requests, outlines the requirements that apply to all communications with data subjects, and addresses the specific response steps required for each type of data subject request including access, correction, erasure, processing restrictions, objections, and data portability.