EU · Framework
GDPR — General Data Protection Regulation
The GDPR governs the processing of personal data of individuals in the European Economic Area, setting a high, directly applicable standard for lawfulness, transparency, individual rights and accountability.
What it is
European Union / EEA · In force since 25 May 2018
Who it binds
Controllers and processors handling personal data in the context of an EEA establishment, and controllers outside the Union that offer goods or services to, or monitor the behaviour of, individuals in the Union.
Key obligations
- A lawful basis for processing, one of six, including consent and legitimate interests
- Purpose limitation, data minimisation and storage limitation
- Data-subject rights: access, rectification, erasure, restriction, portability, objection and safeguards on automated decisions
- Security, 72-hour breach notification, and accountability via records, DPIAs, a DPO where required and Chapter V transfer mechanisms
How CCI addresses it
Data-governance mapping and CySSURANCE translate GDPR duties into measurable technical controls and audit-ready evidence, and quantify the financial exposure of gaps.
Official source
Regulation (EU) 2016/679
https://eur-lex.europa.eu/eli/reg/2016/679/oj
The linked text is the authoritative legal or standards source. CCI maps to it; it is not a CCI publication.