GDPR · In force since May 2018

GDPR Compliance for Businesses

The General Data Protection Regulation (GDPR) requires every organisation that processes personal data to demonstrate compliance. SimpleAct bundles all mandatory registers, deadlines and evidence in one place – from accountability to data breach handling.

What does the GDPR require?

The GDPR has applied directly across the EU since 25 May 2018. It requires controllers to process personal data lawfully, transparently and for a defined purpose – and to be able to prove it at any time (accountability under Art. 5(2)). This includes a record of processing activities, technical and organisational measures, upholding data subject rights and a working data breach process.

The core obligations at a glance

Records of processing (Art. 30)
Complete documentation of all processing activities with purpose, legal basis, data categories and recipients.
Security measures (Art. 32)
Technical and organisational measures that ensure a level of protection appropriate to the risk, fully documented.
Data subject rights (Art. 12–22)
Access, rectification, erasure and more must generally be answered within one month.
Accountability (Art. 5)
Every measure must be provable – evidence, registers and logs available at any time.

Your path to GDPR compliance

  • Create and maintain records of processing under Art. 30
  • Define a legal basis for every processing activity (Art. 6)
  • Bind processors contractually via a DPA (Art. 28)
  • Define and regularly review security measures (Art. 32)
  • Establish a data subject request process with deadline tracking
  • Set up a data breach process with a 72-hour reporting chain
  • Run a data protection impact assessment for high-risk processing
  • Train staff and document the training

Fines up to €20M or 4% of annual turnover

GDPR violations can result in fines of up to €20M or 4% of global annual turnover, whichever is higher. Complete documentation is your best protection.

Frequently asked questions about GDPR compliance

Who does the GDPR apply to?

To every company and organisation that processes personal data of individuals in the EU – regardless of the size or location of the organisation.

Do we need a data protection officer?

A DPO is mandatory, among other cases, when the core activity involves large-scale processing of sensitive data or systematic monitoring of individuals.

What is the accountability principle?

Under Art. 5(2), controllers must not only ensure GDPR compliance but also be able to demonstrate it at any time – through registers, evidence and logs.

How do the GDPR and the EU AI Act relate?

The two frameworks complement each other: where AI processes personal data, the GDPR and EU AI Act apply in parallel. SimpleAct covers both compliance areas in one platform.

GDPR compliance with SimpleAct

Registers, deadlines, data subject requests and breaches – structured, provable and audit-ready in one platform.


Yannick Heisler

Sales · Personal consultation