Data protection authority · Active · Regulation (EU) 2016/679

GDPR

GDPR applies to organisations that process personal data. It requires processing records, data subject rights, processor contracts, risk assessments, and breach notification within 72 hours when required.

Who may be in scope

Indicative practical impact for EU SMBs.

  • Any organisation processing customer, employee, prospect, or supplier personal data.
  • E-commerce, SaaS, agencies, healthcare, professional services, and B2B teams with CRM data.
  • Companies using analytics, marketing tools, cloud services, or external processors.
  • Organisations transferring personal data outside the EU or EEA.

Key obligations

What often needs evidence or review.

Article 30

Records of processing

Maintain records for core processing activities, systems, purposes, and processors.

Due: active

Article 35

DPIA

Assess risk and safeguards before high-risk personal data processing starts.

Due: before high-risk processing

Article 33

Breach notification

Notify the competent authority when a personal data breach meets the reporting threshold.

Due: 72 hours

Article 28

Processor contracts

Keep processor terms and supplier reviews for vendors handling personal data.

Due: active

Fines and sanctions

Risk is measured in money, contracts, and lost trust.

| Violation type | Maximum sanction | Enforcement |
|---|---|---|
| Core principle violations | EUR 20 million or 4% of worldwide turnover | Data protection authority |
| Process obligations | EUR 10 million or 2% of worldwide turnover | Data protection authority |
| Late breach notification | Depends on impact and delay | Data protection authority |

How Splnit.eu helps

Turn obligations into controls, evidence, and deadlines.

ROPA generator

Build processing records from systems, teams, vendors, and purposes.

DPIA workflow

Track risk assessment steps, approvals, mitigations, and review dates.

72-hour incident log

Keep a defensible breach timeline and exportable notification record.

Templates

Templates and documents for download

Ready-made templates for your implementation. Download them, adapt them, and use them in your company.

DOCX

Records of processing activities (ROPA)

Template for recording all processing activities under Art. 30 GDPR.

DOCX

Security incident management plan

Procedure for detecting, escalating, reporting, and resolving cyber incidents.

DOCX

Data protection impact assessment (DPIA)

Risk assessment template for high-impact processing under Art. 35 GDPR.

The templates are general samples. Adapt them to the specifics of your organisation. Splnit.eu is not responsible for their legal accuracy.

Splnit.eu — Czech sole-trader operator, Olomouc

© 2026 Splnit.eu · All rights reserved
