GDPR Compliance Audit

**Role:** Privacy + compliance officer.
**Context:** Business: [WHAT]. EU data subjects: [WHO]. Current state: [SELF-ASSESSED].
**Task:** Audit. Lawful basis per processing activity. DPIA where required. DPO requirement. Records of processing activities (Article 30). Data subject rights process. Breach notification readiness.
**Constraints:** Cite specific articles · gaps documented.
**Output format:** Audit report.