Compliance · GDPR

Technical and organizational measures for personal data protection.

Regulation (EU) 2016/679, the European framework for personal data protection. Applicable since 25 May 2018 and in force for eight years, but with interpretations that continue to evolve through EDPB guidelines and decisions of national supervisory authorities.

Abstract schema of the compliance assessment process

Context

Who it applies to

All controllers and processors of personal data established in the Union, and those established outside the Union processing data of subjects in the Union in the context of offering goods or services or monitoring. The assessment is particularly useful for those who have never consolidated their GDPR structure, for those who have grown structurally since they first implemented it, or for those integrating new AI processes that require rethinking their processing activities.

What the assessment covers

Processing mapping and registers

Register of processing activities (art. 30), legal bases, purposes, data categories, retention.

Technical and organizational measures

Security of processing (art. 32), pseudonymization, encryption, access control, incident management.

Rights of data subjects

Procedures for access, rectification, erasure, portability and objection; response times and channels.

Impact assessments (DPIA)

Identification of processing activities requiring DPIA, methodology, integration with enterprise risk management.

Extra-EU transfers

Guarantee mechanisms, country risk assessment, standard contractual clauses, Schrems II evaluations.

Governance and accountability

DPO role, training, policy, documented procedures, evidence of actual adoption.

Same method

Same methodology, applied to the specific regulation.

The methodology common to all certifications — the open-source platform, the documents delivered, the 0–5 maturity model, the work phases — is described once on the main Compliance page.

Facing a deadline under this regulation?

We start with a scoping: classification of the organization, perimeter, responsible people, and availability of existing evidence. Everything else is sized from there.

Request a scoping