GDPR, mapped for engineers
GDPR translated into the design and code decisions engineers actually make. Thirty-two concepts across the data lifecycle. Open any one, or filter to what applies to your system.
How to use this playbook
32 concepts shown
What counts as personal data
Pseudonymization vs anonymization
Controller, processor, sub-processor
Lawful basis
Special categories of data
The seven principles
Territorial scope: does GDPR apply?
What counts as "processing"
Privacy by Design & by Default
Data minimization & purpose limitation
Data flow mapping & RoPA
Data Protection Impact Assessment
Data residency & international transfers
User identity model
Transparency & the right to be informed
Access control: IAM, RBAC, ABAC
Encryption in transit & at rest
Secrets & key management
Logging discipline
Consent capture & storage
Vendor / sub-processor controls
Retention & deletion
Right to erasure
Event-driven deletion propagation
Right of access & portability
Right to rectification
Right to object
Right to restriction of processing
Automated decision-making & profiling
Breach detection
Breach notification
Working with the DPO and regulators