Learn

gdpr

Browse 47 published controls in this framework.

Control IDTitle
GDPR-A10-01GDPR-A10-01: Criminal Conviction Data Processing
GDPR-A13-01GDPR A13-01: Privacy Notice for Direct Data Collection
GDPR-A14-01GDPR A14-01: Privacy Notice for Indirect Data Collection
GDPR-A15-01GDPR Article 15: Right of Access Control
GDPR-A16-01GDPR Article 16: Right to Rectification Compliance
GDPR-A17-01GDPR Right to Erasure (A17-01) | Data Deletion Process
GDPR-A18-01GDPR A18-01: Right to Restriction of Processing
GDPR-A19-01GDPR A19-01: Data Rectification & Erasure Notification
GDPR-A20-01GDPR Article 20: Right to Data Portability Compliance
GDPR-A21-01GDPR Article 21: Right to Object | Compliance Guide
GDPR-A22-01GDPR A22-01: Automated Decision-Making & Profiling
GDPR-A24-01GDPR A24-01: Controller Responsibility & Compliance
GDPR-A25-01GDPR A25-01: Data Protection by Design & Default
GDPR-A25-02GDPR A25-02: Data Protection by Default | GRCWatch
GDPR-A26-01GDPR A26-01: Joint Controllers Compliance
GDPR-A28-01GDPR Article 28: Processor Contracts & Data Processing Agreements
GDPR-A28-02GDPR A28-02: Processor Obligations & Data Processing
GDPR-A29-01GDPR A.29-01: Processing Authority & Data Instructions
GDPR-A30-01GDPR A30-01: Records of Processing Activities | GRCWatch
GDPR-A30-02GDPR A30-02: Processor Records of Processing Activities
GDPR-A32-01GDPR Article 32: Technical & Organisational Security Measures
GDPR-A32-02GDPR A.32(2): Pseudonymisation & Encryption
GDPR-A32-03GDPR A32-03: Ensure System Confidentiality & Resilience
GDPR-A32-04GDPR A32-04: Restore Availability & Access | GRCWatch
GDPR-A32-05GDPR A32-05: Security Testing & Assessment Process
GDPR-A33-01GDPR A33-01: Breach Notification to Supervisory Authority
GDPR-A34-01GDPR Article 34: Data Breach Notification Requirements
GDPR-A34-02GDPR Article 34-02: Breach Register Documentation
GDPR-A35-01GDPR Article 35: When to Conduct a DPIA
GDPR-A35-02GDPR A35-02: DPIA Content Requirements Checklist
GDPR-A36-01GDPR Article 36: Prior Consultation & DPIA High Risk
GDPR-A37-01GDPR A37-01: Data Protection Officer Designation
GDPR-A38-01GDPR A38-01: Data Protection Officer Position & Independence
GDPR-A39-01GDPR A39-01: Data Protection Officer Tasks
GDPR-A44-01GDPR A44-01: International Data Transfer Controls
GDPR-A45-01GDPR A45-01: Adequacy Decision Data Transfers
GDPR-A46-01GDPR A46-01: Data Transfer Safeguards
GDPR-A5-01GDPR A5.01: Lawfulness, Fairness & Transparency
GDPR-A5-02GDPR A5-02: Purpose Limitation Compliance
GDPR-A5-03GDPR A5-03 Data Minimisation | GRCWatch
GDPR-A5-04GDPR A5-04: Data Accuracy Control & Compliance
GDPR-A5-05GDPR A5-05: Storage Limitation & Data Retention
GDPR-A5-06GDPR A5-06: Data Integrity & Confidentiality Controls
GDPR-A6-01GDPR Article 6: Document Lawful Basis for Data Processing
GDPR-A7-01GDPR A7-01: Consent Requirements & Records
GDPR-A9-01GDPR A9-01: Special Categories Data Processing
GDPR-A9-02GDPR A9-02: Explicit Consent for Special Categories