GDPR Research
7 published notes grouped into 6 domains.
Guide path
Use domains before opening individual notes
EU personal-data protection requirements translated into processing decisions, engineering controls, operating evidence, and accountable governance. Each domain page explains the area first, then groups controls, templates, evidence packs, crosswalks, and related guide notes.
Domains
Choose a domain
Scope & roles
1 noteMaterial scope, territorial reach, personal-data concepts, and the controller, processor, representative, and DPO roles.
Lawful processing
1 notePurpose limitation, data minimization, lawful bases, consent, special-category data, retention, and processing changes.
Rights & transparency
1 notePrivacy notices, access, rectification, erasure, restriction, portability, objection, and request handling.
Accountability & governance
2 notesRecords of processing, privacy by design, DPIAs, ownership, evidence, training, review, and ISO 27001 alignment.
Security & breaches
1 noteRisk-based security, personal-data breach assessment, notification decisions, evidence, and response readiness.
Processors & transfers
1 noteProcessor due diligence and contracts, subprocessors, international transfers, safeguards, and exit evidence.