GDPR¶
Regulation (EU) 2016/679 — the baseline of the EU digital-regulation stack, in application since 25 May 2018. This branch treats GDPR as an operating discipline, not a legal topic: the registers, assessments and processes that make compliance demonstrable.
Planned branches¶
| Area | Planned artefacts |
|---|---|
| Accountability (Art. 5(2), 24, 30) | Records-of-processing starter structure · document inventory |
| DPIAs (Art. 35) | When-is-a-DPIA-required checklist · DPIA template walk-through |
| Processors & transfers (Art. 28, Ch. V) | Processor due-diligence checklist · DPA clause review list |
| Breach handling (Art. 33–34) | 72-hour notification runbook · severity assessment reference |
| GDPR × AI | How GDPR obligations interact with AI Act obligations (see also cross-mappings) |
Under construction
This branch fills in gradually — GDPR artefacts often ship as the "third leg" of cross-regulation mappings. Announcements on the blog.
Primary sources¶
- Regulation (EU) 2016/679 on EUR-Lex
- EDPB guidelines (linked per artefact)