GDPR: privacy programs that hold up
Understand data protection principles, lawful processing, subject rights, DPIAs, breach notification timelines, and technical measures that support privacy programs.
Best for: Privacy officers, legal/compliance teams, product security, and EU-facing SaaS operators.
GDPR workspace
Evidence · controls · tools
72h: deadline for notifying the supervisory authority of a personal data breach (Art. 33)
RoPA: the core artifact of the program
DPIA: required before high-risk processing
Quick wins this week
- Maintain a record of processing activities (RoPA)
- Document the lawful basis for each processing activity
- Execute data processing agreements (DPAs) with every processor, starting with critical vendors
Control & program focus
- Lawful basis and consent documentation
- Data inventory and processing records
- Privacy by design in systems and vendors
- Data subject access and erasure workflows
- Breach detection and readiness to notify the supervisory authority within 72 hours of becoming aware
- Cross-border transfer and vendor due diligence
Typical audit evidence
- Records of processing activities (RoPA)
- DPIA templates for high-risk processing
- Vendor DPAs and sub-processor list
- Proof of encryption and retention configuration
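The quick wins, control focus and audit-evidence lists above all come back to one artifact: a complete, internally consistent RoPA. As an added example (not code from this hub or from any regulator), the following linter checks an exported RoPA for the fields Art. 30(1) expects and for the consistency rules an auditor probes: a consent or legitimate-interests basis needs a consent record or LIA reference, special-category data needs an Art. 9(2) condition, a third-country transfer needs an Art. 46/49 mechanism, every processor needs a signed DPA, and high-risk processing should point at a DPIA. The record layout, field names and sample records are assumptions constructed for the example, not a standard schema.

```python
"""Lint a Records of Processing Activities (RoPA) export for GDPR Art. 30(1)
fields and common consistency gaps. Added example; the JSON-like record
layout below is an assumed internal shape, not a standard."""
from dataclasses import dataclass

# Fields every controller record must carry (mirrors Art. 30(1)(a)-(g)).
REQUIRED_FIELDS = (
    "name", "purpose", "data_subject_categories", "data_categories",
    "recipients", "retention", "security_measures", "lawful_basis",
)
# Art. 6(1) bases, by common short names (assumed vocabulary).
LAWFUL_BASES = {"consent", "contract", "legal_obligation",
                "vital_interests", "public_task", "legitimate_interests"}
# Accepted transfer tools when a recipient sits in a third country (Art. 45/46/49).
TRANSFER_MECHANISMS = {"adequacy_decision", "sccs", "bcrs", "art49_derogation"}


@dataclass
class Finding:
    record: str
    severity: str   # "error" blocks sign-off, "warn" needs an owner comment
    message: str


def lint_record(rec: dict) -> list[Finding]:
    """Return all findings for one processing record."""
    name = rec.get("name", "<unnamed>")
    out = []
    for f in REQUIRED_FIELDS:
        # An empty recipients list is legitimate (internal-only processing),
        # so only absent or blank values are flagged.
        if f not in rec or rec[f] in (None, ""):
            out.append(Finding(name, "error", f"missing Art. 30 field '{f}'"))
    basis = rec.get("lawful_basis")
    if basis and basis not in LAWFUL_BASES:
        out.append(Finding(name, "error", f"unknown lawful basis '{basis}'"))
    if basis == "consent" and not rec.get("consent_record_ref"):
        out.append(Finding(name, "error", "consent basis without consent record reference"))
    if basis == "legitimate_interests" and not rec.get("lia_ref"):
        out.append(Finding(name, "error", "legitimate interests without LIA reference"))
    if rec.get("special_categories") and not rec.get("art9_condition"):
        out.append(Finding(name, "error", "special category data without Art. 9(2) condition"))
    if rec.get("third_country_transfer") and rec.get("transfer_mechanism") not in TRANSFER_MECHANISMS:
        out.append(Finding(name, "error", "third-country transfer without Art. 45/46/49 mechanism"))
    if rec.get("high_risk") and not rec.get("dpia_ref"):
        out.append(Finding(name, "warn", "flagged high-risk but no DPIA reference"))
    for p in rec.get("processors", []):
        if not p.get("dpa_signed"):
            out.append(Finding(name, "error", f"processor '{p.get('name')}' has no signed DPA"))
    return out


def lint_ropa(records: list[dict]) -> list[Finding]:
    return [f for rec in records for f in lint_record(rec)]


def summarize(findings: list[Finding]) -> dict:
    return {"errors": sum(1 for f in findings if f.severity == "error"),
            "warnings": sum(1 for f in findings if f.severity == "warn")}


# Constructed sample RoPA for the example; not real processing records.
SAMPLE_ROPA = [
    {   # clean record: no findings expected
        "name": "customer_accounts",
        "purpose": "Provide the SaaS service to signed-up customers",
        "data_subject_categories": ["customers"],
        "data_categories": ["name", "email", "billing address"],
        "recipients": ["payment processor"],
        "retention": "account lifetime + 30 days",
        "security_measures": ["TLS in transit", "AES-256 at rest", "RBAC"],
        "lawful_basis": "contract",
        "processors": [{"name": "PayCo", "dpa_signed": True}],
    },
    {   # three errors: no consent record, no transfer mechanism, unsigned DPA
        "name": "marketing_newsletter",
        "purpose": "Send product news to subscribers",
        "data_subject_categories": ["subscribers"],
        "data_categories": ["email"],
        "recipients": ["email delivery vendor"],
        "retention": "until unsubscribe",
        "security_measures": ["TLS in transit"],
        "lawful_basis": "consent",
        "third_country_transfer": True,
        "transfer_mechanism": None,
        "processors": [{"name": "MailCo", "dpa_signed": False}],
    },
    {   # one error (no Art. 9 condition) and one warning (no DPIA)
        "name": "health_survey",
        "purpose": "Optional wellbeing survey for employees",
        "data_subject_categories": ["employees"],
        "data_categories": ["survey answers"],
        "recipients": [],
        "retention": "12 months",
        "security_measures": ["encrypted storage"],
        "lawful_basis": "consent",
        "consent_record_ref": "CONSENT-2024-017",
        "special_categories": True,
        "high_risk": True,
    },
]

if __name__ == "__main__":
    for f in lint_ropa(SAMPLE_ROPA):
        print(f"[{f.severity}] {f.record}: {f.message}")
    print(summarize(lint_ropa(SAMPLE_ROPA)))
```

Run it against a real export in CI for the RoPA repository and treat any "error" as a blocker for sign-off; the finding list itself is the evidence an auditor can compare against the DPA register and DPIA log.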
Articles
GDPR compliance articles
Evidence write-ups, control explainers, and operational proof patterns from the library.
Tutorials
GDPR Tutorials
Structured lessons with chapters, checklists, and practical tasks for compliance skills.
Templates
GDPR audit templates
Checklists, trackers, policy starters, and evidence formats ready to customize.
E-books
GDPR E-Books
Downloadable field guides, checklists, and playbooks for evidence programs and audit readiness.
Workflow
Your audit-ready path
Four steps IT and GRC teams use when preparing evidence for assessments.
Scope & framework
Choose SOC 2, ISO 27001, CIS, PCI, HIPAA, NIST, or GDPR scope. Define systems, owners, and audit timeline.
Map controls
Align organizational controls to framework requirements. Document owners, frequency, and evidence types.
Collect proof
Gather screenshots, logs, tickets, policies, and test results using templates and interactive checklists.
Present & improve
Package evidence for auditors, close gaps, and feed findings back into monitoring and hardening.
Explore more
Other compliance frameworks
Jump between SOC 2, ISO, PCI, HIPAA, CIS, NIST, and GDPR hubs.
SOC 2
Learn how to implement, document, and present controls for access, change management, monitoring, backups, incident response, and endpoint protection — with evidence auditors expect.
ISO 27001
Build ISMS literacy: risk treatment, Annex A controls, policies, asset management, supplier security, and certification readiness for security and operations teams.
PCI DSS
Protect cardholder data environments with network segmentation, secure configurations, vulnerability management, logging, and QSA-style evidence practices.
HIPAA
Security Rule safeguards, privacy workflows, risk analysis, access controls, audit logging, and breach readiness for healthcare IT and compliance teams.
CIS Controls
Turn CIS Controls and benchmarks into actionable hardening for Linux, cloud, and enterprise infrastructure — prioritized safeguards and implementation groups.
NIST CSF
Align security programs to NIST Cybersecurity Framework functions — policies, controls, metrics, and measurable outcomes across the enterprise.