Data Privacy Mapper
Framework Universe
2 of 4 Selected
39 / 39 Controls Covered
| ID | Control | Domain | Description | GDPR Mapping | ISO 27001 Mapping | Status |
|---|---|---|---|---|---|---|
| GOV-01 | Governance & Risk Management Framework | Governance | Enforce controls for Governance & Risk Management Framework aligned with best-practice standards. | Article 41 | A.7.1 | Covered |
| DAT-01 | Data Inventory & Mapping | Data Privacy | Enforce controls for Data Inventory & Mapping aligned with best-practice standards. | Article 49 | A.10.1 | Covered |
| ACC-01 | Access Control Policy | Identity & Access Management | Enforce controls for Access Control Policy aligned with best-practice standards. | Article 16 | A.12.1 | Covered |
| CRY-01 | Encryption at Rest | Cryptography | Enforce controls for Encryption at Rest aligned with best-practice standards. | Article 23 | A.16.1 | Covered |
| INC-01 | Incident Response Plan | Incident Management | Enforce controls for Incident Response Plan aligned with best-practice standards. | Article 11 | A.21.1 | Covered |
| TRA-01 | Security Awareness Training | Human Resources Security | Enforce controls for Security Awareness Training aligned with best-practice standards. | Article 16 | A.13.1 | Covered |
| RET-01 | Data Retention & Disposal | Data Privacy | Enforce controls for Data Retention & Disposal aligned with best-practice standards. | Article 11 | A.14.1 | Covered |
| VUL-01 | Vulnerability Management | Technical Security | Enforce controls for Vulnerability Management aligned with best-practice standards. | Article 28 | A.16.1 | Covered |
| SOC-01 | Security Operations Center | Monitoring | Enforce controls for Security Operations Center aligned with best-practice standards. | Article 15 | A.18.1 | Covered |
| DSR-01 | Right of Access & Portability | Data Privacy | Enforce controls for Right of Access & Portability aligned with best-practice standards. | Article 7 | A.12.1 | Covered |
| DSR-02 | Right to Erasure (Right to be Forgotten) | Data Privacy | Enforce controls for Right to Erasure (Right to be Forgotten) aligned with best-practice standards. | Article 40 | A.14.1 | Covered |
| DSR-03 | Right to Rectification | Data Privacy | Enforce controls for Right to Rectification aligned with best-practice standards. | Article 19 | A.12.1 | Covered |
| DSR-04 | Consent Management | Data Privacy | Enforce controls for Consent Management aligned with best-practice standards. | Article 22 | A.16.1 | Covered |
| TPM-01 | Third-Party Due Diligence | Third-Party Management | Enforce controls for Third-Party Due Diligence aligned with best-practice standards. | Article 6 | A.22.1 | Covered |
| TPM-02 | Data Processing Agreements (DPA) | Third-Party Management | Enforce controls for Data Processing Agreements (DPA) aligned with best-practice standards. | Article 49 | A.7.1 | Covered |
| TRN-01 | Cross-Border Data Transfer Mechanism | Data Privacy | Enforce controls for Cross-Border Data Transfer Mechanism aligned with best-practice standards. | Article 18 | A.16.1 | Covered |
| TRN-02 | Transfer Impact Assessment (TIA) | Governance | Enforce controls for Transfer Impact Assessment (TIA) aligned with best-practice standards. | Article 26 | A.22.1 | Covered |
| PHY-01 | Physical Entry Controls | Physical Security | Enforce controls for Physical Entry Controls aligned with best-practice standards. | Article 43 | A.13.1 | Covered |
| PHY-02 | Clean Desk Policy | Physical Security | Enforce controls for Clean Desk Policy aligned with best-practice standards. | Article 33 | A.20.1 | Covered |
| HR-01 | Employee Screening (Background Checks) | Human Resources Security | Enforce controls for Employee Screening (Background Checks) aligned with best-practice standards. | Article 16 | A.8.1 | Covered |
| HR-02 | Disciplinary Process | Human Resources Security | Enforce controls for Disciplinary Process aligned with best-practice standards. | Article 27 | A.6.1 | Covered |
| BCM-01 | Business Continuity Planning | Business Continuity | Enforce controls for Business Continuity Planning aligned with best-practice standards. | Article 50 | A.13.1 | Covered |
| BCM-02 | Data Backup & Restoration | Business Continuity | Enforce controls for Data Backup & Restoration aligned with best-practice standards. | Article 32 | A.22.1 | Covered |
| DEV-01 | Secure Development Lifecycle (SDLC) | Secure Development | Enforce controls for Secure Development Lifecycle (SDLC) aligned with best-practice standards. | Article 10 | A.8.1 | Covered |
| DEV-02 | Code Review & Testing | Secure Development | Enforce controls for Code Review & Testing aligned with best-practice standards. | Article 50 | A.13.1 | Covered |
| AST-01 | Asset Inventory | Asset Management | Enforce controls for Asset Inventory aligned with best-practice standards. | Article 6 | A.7.1 | Covered |
| AST-02 | Acceptable Use Policy | Asset Management | Enforce controls for Acceptable Use Policy aligned with best-practice standards. | Article 25 | A.6.1 | Covered |
| Lgl-01 | Privacy Policy (Notice) | Legal | Enforce controls for Privacy Policy (Notice) aligned with best-practice standards. | Article 12 | A.21.1 | Covered |
| Lgl-02 | Records of Processing Activities (RoPA) | Legal | Enforce controls for Records of Processing Activities (RoPA) aligned with best-practice standards. | Article 34 | A.6.1 | Covered |
| DAT-02 | Data Minimization & Purpose Limitation | Data Privacy | Enforce controls for Data Minimization & Purpose Limitation aligned with best-practice standards. | Article 38 | A.12.1 | Covered |
| DAT-03 | Data Flow Mapping | Data Privacy | Enforce controls for Data Flow Mapping aligned with best-practice standards. | Article 44 | A.19.1 | Covered |
| ACC-02 | Multi-Factor Authentication (MFA) | Identity & Access Management | Enforce controls for Multi-Factor Authentication (MFA) aligned with best-practice standards. | Article 7 | A.7.1 | Covered |
| AUD-01 | Audit Logging & Monitoring | Monitoring | Enforce controls for Audit Logging & Monitoring aligned with best-practice standards. | Article 8 | A.14.1 | Covered |
| NET-01 | Network Security & Segmentation | Technical Security | Enforce controls for Network Security & Segmentation aligned with best-practice standards. | Article 20 | A.19.1 | Covered |
| DEV-03 | Privacy by Design & Default | Secure Development | Enforce controls for Privacy by Design & Default aligned with best-practice standards. | Article 48 | A.6.1 | Covered |
| RSK-01 | Data Protection Impact Assessment (DPIA) | Risk Management | Enforce controls for Data Protection Impact Assessment (DPIA) aligned with best-practice standards. | Article 52 | A.12.1 | Covered |
| RSK-02 | Risk Assessment | Risk Management | Enforce controls for Risk Assessment aligned with best-practice standards. | Article 28 | A.18.1 | Covered |
| CLD-01 | Cloud Security & Service Provider Management | Cloud Security | Enforce controls for Cloud Security & Service Provider Management aligned with best-practice standards. | Article 5 | A.10.1 | Covered |
| TPM-03 | Vendor Offboarding & Termination | Third-Party Management | Enforce controls for Vendor Offboarding & Termination aligned with best-practice standards. | Article 13 | A.6.1 | Covered |