All regulations
European Union / UK

GDPR

The General Data Protection Regulation governs how personal data of EU and UK residents is collected, processed and protected, including special rules for automated decision-making.

Who it applies to

  • Any organisation processing personal data of EU/UK residents
  • Controllers and processors, including AI vendors handling personal data
  • Automated decision-making and profiling that significantly affects individuals

Core obligations

  • Establish a lawful basis for every processing activity
  • Run DPIAs for high-risk AI processing
  • Provide data subject rights including access, erasure and objection
  • Maintain records of processing and report breaches within 72 hours

How Vigil24 helps

  • Flags AI tools processing personal data
  • Generates DPIA templates pre-filled from tool metadata
  • Tracks vendor DPAs and sub-processor changes