Data Privacy & Protection

GDPR / EU Data Protection

The European framework for personal data protection and privacy rights.

Knowledge Hub
99 Articles: Full regulation
€20M / 4% Revenue: Maximum fine
72-Hour: Breach notification
DPIA Required: High-risk processing

Overview

The General Data Protection Regulation (GDPR) is the European Union's primary data protection legislation, applying to all organizations that process personal data of EU/EEA data subjects — regardless of where the organization is located. It establishes rights for individuals and obligations for organizations, backed by significant financial penalties for non-compliance.

Documentation obligations under GDPR are substantial and specific: organizations must maintain Records of Processing Activities (RoPA), demonstrate lawful basis for each processing activity, conduct Data Protection Impact Assessments (DPIAs) for high-risk processing, and document responses to Data Subject Requests. The principle of accountability requires that organizations not only comply with GDPR but also be able to demonstrate compliance on demand.

Key Requirements

What the standard requires you to document.

Article 13/14 – Transparency

Privacy notices documenting what personal data is collected, why, how long it is retained, and with whom it is shared.

Article 17/18/20 – Data Subject Rights

Documented processes for handling access, erasure, restriction, and portability requests within 30-day timelines.

Article 28 – Processor Agreements

Data Processing Agreements (DPAs) with all processors handling personal data on behalf of the controller.

Article 30 – Records of Processing

Records of Processing Activities (RoPA) documenting all processing activities, purposes, categories, and retention periods.

Article 35 – DPIAs

Data Protection Impact Assessments for high-risk processing activities, with DPO consultation documentation.

Article 37 – Data Protection Officer

DPO appointment documentation, independence evidence, and contact detail publication.

ELDR Documentation

Templates and resources available from the Knowledge Hub.

Records of Processing Activities (RoPA) — controller and processor versions
Data Processing Agreement (DPA) templates for processor relationships
Data Protection Impact Assessment (DPIA) methodology and templates
Privacy Notice / Privacy Policy aligned with Articles 13 and 14
Data Subject Request process documentation and response templates
Lawful basis documentation for all processing activities
International Transfer documentation (SCCs, BCRs, adequacy decisions)
Data Breach notification procedures and 72-hour reporting templates
Request Access

Templates and implementation resources for GDPR / EU Data Protection are available through the ELDR Institute Knowledge Hub and via direct request.
