Canonical FrameworkCompliance & Audit

GDPR (Data Processor)

GDPR processor framework template for Article 28, 29, 32, and 33 duties, including processor agreements, sub-processor flow-downs, confidentiality, technical security, and controller-facing incident support for AI processing pipelines handling EEA personal data.

This template is a configurable starting point and control mapping. It is not certification, legal advice, or a guarantee of compliance; validate it against your obligations and environment before use.

Regions

EU

References

3 references

Mapped Control Domains

7 mapped domains

Deployment

Regulated SaaS, Sovereign Region

Referenced Frameworks, Standards & Obligations

EU General Data Protection Regulation (EU) 2016/679ePrivacy Directive 2002/58/ECEDPB Guidelines 07/2020 on controller and processor concepts

Mapped Control Domains

Data Privacy
Data Processing Agreements
Incident Response
Access Control
Data Encryption
Audit Logging
Subprocessor Management

Deployment profiles

Regulated SaaS
Sovereign Region

Get started in 3 steps

1

Open the template

Open the catalog entry in the Keeptrusts console and review its included controls, references, and deployment metadata.

2

Adapt the configuration

Use the template as a starting point, then adjust relevant policies, thresholds, routing, and review settings for your requirements.

3

Validate before rollout

Test every outcome you configure—such as allow, redact, block, or operator review—before deploying through a supported gateway workflow.