Regulation guide
GDPR compliance
GDPR compliance is the baseline for handling personal data in the EU. This guide walks through the core GDPR requirements, the rights you must honour, and the new questions raised where AI and privacy meet.
The basics
The core GDPR requirements
AI and privacy: the new frontier
As organisations deploy machine learning, AI and privacy collide: automated decision-making, training data and profiling all raise fresh GDPR questions that sit alongside the EU AI Act.
Lawful, fair, transparent
GDPR requirements start with a lawful basis for processing and clear information for the people whose data you hold.
Data subject rights
Access, rectification, erasure, portability and objection are rights you must be able to honour to claim GDPR compliance.
Accountability
You must be able to demonstrate compliance: records of processing, DPIAs where needed, and appropriate security.
What GDPR compliance requires
Records of processing
Document what data you process, why and on what basis.
Breach notification
Report qualifying breaches within 72 hours where feasible.
DPIAs
Assess high-risk processing before you start.
Security of processing
Implement appropriate technical and organisational measures.
Where to next
Tool and connect
GRC tooling
Manage records, DPIAs and evidence in one place.
ISO 27701
Extend your ISMS to privacy information management.
EU AI Act
Where AI processing meets data protection.
GDPR FAQs
What are the GDPR requirements?
A lawful basis for processing, transparency, honouring data subject rights, security of processing and demonstrable accountability.
When must a breach be notified?
Qualifying personal-data breaches must be reported to the supervisory authority within 72 hours where feasible.
How do AI and privacy interact?
AI systems that process personal data must still satisfy GDPR, including rules on automated decision-making and profiling.
Keep GDPR compliance defensible.
Get the refresher in the GDPR webinar and put it into practice with open-source GRC tooling.