ABSTRACT

The European Union's General Data Protection Regulation (GDPR)¹ cybersecurity requirements can be divided into subcategories: the use and collection requirements relating to the data subject, and the system requirements relating to the integrity and confidentiality of the data, which are assessed using a cybersecurity assessment of systems that process privacy data.

Companies are required to retain evidence of their compliance with the GDPR. There are numerous cybersecurity requirements for GDPR. The required evidence consists of forms, reports, policies, procedures, and cybersecurity assessments. Many templates can be used for specific forms, reports, policies, and procedures, and these can be modified to be fit for purpose. Cybersecurity assessments can use any common framework and be automated using integrated cyber risk management platforms.

We will break down each evidence requirement and align it to the GDPR article that requires it.