Framework

GDPR (Regulation 2016/679)

General Data Protection Regulation — operationalise Records of Processing, DPIAs, DSRs, and breach notifications.

Owner: Privacy TeamLast reviewed: 2026-04-14

Scope in OneComply

  • /dashboard/gdpr/ropa — Records of Processing Activities (Art. 30).
  • /dashboard/gdpr/dpia — Data Protection Impact Assessments.
  • /dashboard/gdpr/dsr — Data Subject Request workflow with SLA timers.
  • /dashboard/gdpr/consent — consent register and withdrawal audit.

Typical Workflow

  1. Build the ROPA by importing systems, purposes, and data categories.
  2. Screen each processing activity for DPIA triggers.
  3. Map DPAs against the sub-processor register.
  4. Configure DSR intake — portal + email capture with 30-day deadline.
  5. Route personal-data breaches through the Incident module with 72h CNPD-style timer.

Continue reading

CSSF
Incident Reporting