Skip to content

GDPR

Regulation (EU) 2016/679 — the baseline of the EU digital-regulation stack, in application since 25 May 2018. This branch treats GDPR as an operating discipline, not a legal topic: the registers, assessments and processes that make compliance demonstrable.

Planned branches

Area Planned artefacts
Accountability (Art. 5(2), 24, 30) Records-of-processing starter structure · document inventory
DPIAs (Art. 35) When-is-a-DPIA-required checklist · DPIA template walk-through
Processors & transfers (Art. 28, Ch. V) Processor due-diligence checklist · DPA clause review list
Breach handling (Art. 33–34) 72-hour notification runbook · severity assessment reference
GDPR × AI How GDPR obligations interact with AI Act obligations (see also cross-mappings)

Under construction

This branch fills in gradually — GDPR artefacts often ship as the "third leg" of cross-regulation mappings. Announcements on the blog.

Primary sources