The GDPR is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. While primarily process-driven, there are a number of technical controls that can be followed.


ControlDescription
Article 25 - Data Protection by Design and by DefaultThe controller shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data that are necessary for each specific purpose of the processing are processed.
Article 30 - Records of Processing ActivitiesThe controller shall maintain a record of processing activities under its responsibility.
Article 32 - Security of ProcessingThe controller shall implement appropriate technical and organizational measures that consider the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.


To View the Compliance Programs available visit Compliance in your Aqua CSPM Console, and select Defaults or Custom to filter the programs displayed, you can also expand the program control details using the Expand Settings toggle.