Framework

GDPR

Understand the European data protection regulation and its concrete implications for your organization.

Try for free

The General Data Protection Regulation (GDPR) has governed the processing of personal data within the European Union since 2018. It rests on foundational principles, lawfulness, transparency, minimization, rather than an exhaustive list of technical obligations, which requires genuine ownership rather than a simple checklist.

Any organization that collects data from customers, prospects or employees is concerned, regardless of its size: GDPR compliance is not reserved for large companies with a dedicated legal department.

The foundational principles

GDPR rests on a few structuring principles: every processing activity must have a precise purpose and an identified legal basis, data collected must be limited to what is strictly necessary, and its retention must be time-bound. These principles apply before any technical security question.

The expected documents and processes

Beyond principles, GDPR expects concrete implementation: an up-to-date record of processing activities, documented legal bases, agreements governing processors and a data breach notification procedure within 72 hours.

  • Record of processing activities covering every activity
  • Legal basis identified for each processing activity
  • Data processing agreements with vendors
  • Breach notification procedure within 72 hours
  • Impact assessment for high-risk processing

How Kaliteq draws on it

Kaliteq's GDPR diagnostic structures compliance assessment domain by domain, from the record of processing activities to processor management, to identify action priorities before an inspection or an incident reveals them.

Frequently asked questions

Does GDPR apply to companies outside the EU?

Yes, as soon as they process data from EU residents, regardless of where the company itself is based.

Does a small business need a record of processing activities?

Yes, the obligation to maintain a record applies in principle to every organization, with an exemption limited to rare cases of companies under 250 employees with only occasional processing.

What is the most frequent penalty for non-compliance?

Beyond fines, the most frequent sanction is a formal notice to achieve compliance within a set deadline, with maximum financial penalties reserved for the most serious breaches.

Does the Kaliteq diagnostic replace legal advice?

No, it structures compliance self-assessment and identifies priorities, but the most complex situations warrant dedicated legal support.

Ready to assess your organization?

Create your free account and start your first diagnostic in a few minutes.

Try for free
Home