7 domains, 28 requirements. EU data protection and privacy regulation.
The General Data Protection Regulation (GDPR) is the EU's comprehensive data protection law that governs how organisations collect, process, store, and share personal data. It applies to any organisation that handles the personal data of EU/EEA residents, regardless of where the organisation is based.
GDPR compliance requires organisations to demonstrate lawful basis for processing, data subject rights, breach notification procedures, and accountability measures. Non-compliance can result in fines of up to €20 million or 4% of annual global turnover.
GDPR covers 7 domains that ShieldIQ assesses comprehensively.
Processing of personal data is performed lawfully, fairly, and transparently in accordance with GDPR principles (Article...
Data subject rights are facilitated and fulfilled in accordance with GDPR requirements (Articles 12-23)
The controller demonstrates compliance with GDPR principles through appropriate governance measures (Articles 24-25, 30,...
Appropriate technical and organisational measures are implemented to ensure a level of security appropriate to the risk ...
Personal data breaches are detected, reported, and managed in accordance with GDPR notification requirements (Articles 3...
International transfers of personal data are conducted with appropriate safeguards in compliance with GDPR transfer mech...
Relationships with processors and other third parties are governed by appropriate agreements and oversight mechanisms (A...
Claude AI analyses your responses and generates detailed, framework-specific recommendations.
Visualise your compliance posture with interactive charts and risk heatmaps.
Generate board-ready compliance reports with prioritised remediation steps.
Re-assess regularly and track your improvement with trend dashboards.
Get your AI-powered compliance score, personalised recommendations, and executive report in minutes.