Privacy & Data Protection

Frameworks we cover and how ActiveERM helps you meet privacy and data protection requirements.

The EU General Data Protection Regulation (GDPR) and UK GDPR govern how you process personal data: lawful basis, data subject rights (access, rectification, erasure, portability, objection), data protection by design, breach notification within 72 hours, and accountability. ISO/IEC 27701:2019 extends ISO 27001 with a Privacy Information Management System (PIMS) and helps you demonstrate compliance with GDPR and other privacy laws. Data Protection Impact Assessments (DPIAs), records of processing, and vendor contracts require clear controls and evidence. ActiveERM helps you map controls to GDPR articles and collect audit-ready evidence. Visit our GRC & Compliance page for more on privacy and data protection.

Privacy compliance is ongoing: new processing activities need DPIAs, data subject requests have deadlines, and breaches must be documented. A GRC platform that links policies, controls, and evidence to GDPR articles reduces the burden and keeps you ready for supervisory authority checks.
