Canonical FrameworkCompliance & Audit

UK GDPR

UK GDPR control-mapping starter for organisations processing UK personal data under the UK GDPR and Data Protection Act 2018. It references transparency, lawful processing, data-subject rights, DPIAs, breach reporting, and relevant ICO guidance; non-gateway obligations require separate processes.

This template is a configurable starting point and control mapping. It is not certification, legal advice, or a guarantee of compliance; validate it against your obligations and environment before use.

Regions

UK

References

4 references

Mapped Control Domains

6 mapped domains

Deployment

Regulated SaaS, Sovereign Region

Referenced Frameworks, Standards & Obligations

UK GDPRData Protection Act 2018Data (Use and Access) Act 2025ICO Guidance on AI and Data Protection

Mapped Control Domains

Data Privacy
Consent Management
Data Subject Rights
Incident Response
Breach Notification
Transparency

Deployment profiles

Regulated SaaS
Sovereign Region

Get started in 3 steps

1

Open the template

Open the catalog entry in the Keeptrusts console and review its included controls, references, and deployment metadata.

2

Adapt the configuration

Use the template as a starting point, then adjust relevant policies, thresholds, routing, and review settings for your requirements.

3

Validate before rollout

Test every outcome you configure—such as allow, redact, block, or operator review—before deploying through a supported gateway workflow.