Skip to content
ZxR Cyber Sentinel 4.1 is available — Discover our AI models
RGPD / GDPRRegulationEuropeMandatory

RGPD / GDPR

Authority : Union européenne
99 articles
Overview

What is RGPD / GDPR ?

The General Data Protection Regulation (GDPR) is the European regulation that defines rules for the protection of natural persons with regard to the processing of personal data. Applicable since May 2018, it applies to any organization that processes personal data of EU residents, regardless of where it is established. The GDPR enshrines data subject rights (access, rectification, erasure, portability, objection), imposes privacy by design and by default principles, and requires maintaining a processing register, conducting Data Protection Impact Assessments (DPIA) for high-risk processing, and notifying data breaches within 72 hours.

Key Points

  • Data subject rights: access, rectification, erasure, portability, restriction, objection, no automated profiling
  • Mandatory processing register (Article 30) detailing each processing activity
  • Mandatory DPIA (Data Protection Impact Assessment) for high-risk processing
  • Data breach notification to the supervisory authority within 72 hours
  • Penalties up to 20 million euros or 4% of annual worldwide turnover
  • Mandatory DPO (Data Protection Officer) for certain categories of organizations

Why Zaxyr

Zaxyr facilitates GDPR compliance by automating the processing register, DPIA management, data subject rights request tracking, and documentation of technical and organizational measures. The platform provides native mapping to ISO 27001 (security controls) and NIS2 (incident notification), enabling a unified compliance/security approach.

Start Your Compliance Journey

Get a personalized compliance assessment. Our team will guide you through.