Framework library / GDPR

Data & Security · regulatory framework

GDPR — EU General Data Protection Regulation.

EU data protection law — Article 28 makes you accountable for every processor in your chain.

What it is

The GDPR governs processing of EU personal data. Article 28 requires written contracts (DPAs) with every processor, using only processors providing “sufficient guarantees”, and Article 30 requires records of processing activities. Accountability means documented evidence — including for the vendors and sub-processors behind your services.

Who it applies to

Any organization processing EU residents’ personal data — controllers and processors alike, wherever headquartered.

The evidence auditors expect

How ComplianceFlow keeps you ready

Related frameworks

ISO 27001SOC 2HIPAA

See GDPR evidence assemble itself.

ComplianceFlow keeps a living copy of GDPR mapped to your suppliers, products and evidence — so what you must prove is always current, and always exportable.

Book a demo Get the audit checklist