All framework guides
Help Center · Framework guide
GDPR
GDPR · Privacy · European Union · v2016/679
PrivacyEUData Subject Rights
Overview
The EU General Data Protection Regulation governs personal data processing, lawful bases, data subject rights, and cross-border transfers.
14 controls available in ComplAI for this framework.
Who it's for
- Organizations offering goods/services to EU residents
- Controllers and processors of EU personal data
- Privacy programs needing operational control mapping
Why it matters
GDPR drives customer trust and regulatory exposure. Mapping obligations to controls and evidence keeps privacy operations demonstrable.
Lawful basis and transparencyData subject rightsSecurity of processingProcessors, transfers, and DPIAs
How ComplAI helps
- Activate GDPR in the Framework Library to load its control catalog
- Assign owners, track compliance status, and attach evidence per control
- Use risk register and issues workflows when controls fail or deviate
- Export readiness views for leadership and auditors
Sample controls
- data protection
Art. 5
Principles of processing
- data protection
Art. 6
Lawfulness of processing
- data protection
Art. 7
Conditions for consent
- data protection
Art. 12-14
Transparent information
- data protection
Art. 15-22
Data subject rights
- governance
Art. 25
Data protection by design
Getting started
- Open Framework Library and activate GDPR
- Review the control list and prioritize high-impact domains
- Attach policies, procedures, and technical evidence
- Mark controls audit-ready and monitor residual gaps
