What is the right risk management framework for my organisation?

RiskPedia's AI Advisor matches your industry, maturity and goals to one of 26 frameworks including ISO 31000, COSO ERM, NIST RMF, ISO 27001, Basel III/IV, Solvency II, DORA, NIS2 and SOC 2 in under two minutes.

What is the CERT-In 6-hour incident reporting rule?

CERT-In Directions under Section 70B IT Act 2000 (April 28, 2022, effective June 25, 2022) require every Indian organisation to report 26 categories of cyber incidents to incident@cert-in.org.in within 6 hours of noticing. 180-day log retention in India, Indian NTP sync, and VPN/cloud KYC are also mandatory.

When does the DPDP Act become enforceable?

The DPDP Act 2023 received Presidential assent on Aug 11, 2023. DPDP Rules 2025 were notified by MeitY on Nov 13, 2025. Consent Manager registration opens approximately Nov 2026 and core Data Fiduciary obligations + the Data Protection Board become enforceable approximately May 2027 with penalties up to Rs 250 Cr.

What is RBI MD-ITGRC 2023?

RBI's Master Direction on IT Governance, Risk, Controls and Assurance Practices (November 2023, effective April 2024) replaces the 2011 IS Master Direction. It covers IT governance, cybersecurity, third-party risk management, data localisation, 6-hour incident reporting, annual CERT-In empanelled IS audits and cloud risk management for all regulated entities.

What is SEBI CSCRF 2024?

SEBI's Cybersecurity and Cyber Resilience Framework (2024) applies to all capital market entities — stock exchanges, depositories, brokers, mutual funds, AIFs, portfolio managers and KRAs. It mandates cyber audits, governance, third-party risk, SOC monitoring, incident reporting and cyber resilience testing.

Who must comply with General Data Protection Regulation (EU 2016/679)?

Organizations processing personal data of EU residents, regardless of the organization's location, must comply. This includes controllers and processors handling EU data.

What are the key requirements of GDPR?

GDPR requires lawful processing bases, privacy-by-design, data protection impact assessments, breach notification within 72 hours, and honoring individual rights like access and erasure.

What are the penalties for non-compliance with GDPR?

Fines reach up to €20 million or 4% of global annual revenue (whichever is higher) for serious violations, with lower tiers at €10 million or 2% for other infringements.

RiskPedia

Back to library

Privacy · Issued by European Union

GDPR

General Data Protection Regulation (EU 2016/679)

data privacyGDPRDPIAconsentdata protectionEU regulation

Compare GDPR with

EU regulation mandating data protection, privacy-by-design, breach notification, and individual rights for personal data processing.

GDPR, effective May 2018, establishes comprehensive privacy obligations including lawful bases for processing, data subject rights (access, erasure, portability), and accountability through Data Protection Impact Assessments (DPIAs). Non-compliance can trigger fines up to 4% of global turnover. Organizations must appoint Data Protection Officers, maintain processing records, and report breaches within 72 hours. A retail e-commerce platform, for example, implements consent management and DPIA workflows to handle customer data lawfully and avoid penalties.

At a glance

Complexity

High

Certification

Time to implement

12+ months

Issued by

European Union

Fits

Industries

retailhealthcarebankingitgovernmentinsurance

Risk types

complianceoperationalfinancial

Frequently asked

Questions risk leaders ask

GDPR is the EU regulation governing personal data protection and privacy, establishing rights for individuals and obligations for data controllers and processors across the European Economic Area.

See if it fits you

Run the Finder to get a personalised match score for GDPR.

Join: India Risk Alerts

RiskPedia — The Risk Framework Encyclopedia & AI Advisor

Frameworks indexed

India Regulatory Hub — Deep Dive (RBI, SEBI, IRDAI, CERT-In, DPDP)

For AI assistants and search crawlers

GDPR

At a glance

Fits

Questions risk leaders ask

Run the Finder to get a personalised match score for GDPR.