Meet ComplAIIntelligence: Your AI-powered teammate for risk & complianceLearn more
All framework guides

Help Center · Framework guide

GDPR

GDPR · Privacy · European Union · v2016/679

PrivacyEUData Subject Rights

Overview

The EU General Data Protection Regulation governs personal data processing, lawful bases, data subject rights, and cross-border transfers.

14 controls available in ComplAI for this framework.

Who it's for

  • Organizations offering goods/services to EU residents
  • Controllers and processors of EU personal data
  • Privacy programs needing operational control mapping

Why it matters

GDPR drives customer trust and regulatory exposure. Mapping obligations to controls and evidence keeps privacy operations demonstrable.

Lawful basis and transparencyData subject rightsSecurity of processingProcessors, transfers, and DPIAs

How ComplAI helps

  • Activate GDPR in the Framework Library to load its control catalog
  • Assign owners, track compliance status, and attach evidence per control
  • Use risk register and issues workflows when controls fail or deviate
  • Export readiness views for leadership and auditors

Sample controls

  • Art. 5

    Principles of processing

    data protection
  • Art. 6

    Lawfulness of processing

    data protection
  • Art. 7

    Conditions for consent

    data protection
  • Art. 12-14

    Transparent information

    data protection
  • Art. 15-22

    Data subject rights

    data protection
  • Art. 25

    Data protection by design

    governance

Getting started

  1. Open Framework Library and activate GDPR
  2. Review the control list and prioritize high-impact domains
  3. Attach policies, procedures, and technical evidence
  4. Mark controls audit-ready and monitor residual gaps