CISA· ISACA
Certified Information Systems Auditor (ISACA)
ISACA’s CISA targets IS audit. 5 domains, ITAF and COBIT, 2,300+ questions with AuditBot explanations.
Term DefinitionCompliance
GDPR
General Data Protection Regulation — the European framework for personal data protection.
The GDPR (EU Regulation 2016/679) is the primary EU data protection framework. It mandates consent, the right to erasure, data portability, and breach notification within 72 hours. Fines can reach 4% of global annual turnover or €20M (whichever is higher). It applies to any organization processing data of EU residents, regardless of location. The DPO (Data Protection Officer) is mandatory for public authorities and companies processing sensitive data at scale.
📌 Key points
- Extraterritorial applicability: applies to any organization processing EU residents' data
- 72h to notify a data breach to the supervisory authority (e.g., CNIL in France)
- Fines: 2% or 4% of global turnover depending on severity (capped at €10M or €20M)
- DPO mandatory for public bodies and certain private companies
- Privacy by Design and Privacy by Default: compliance must be built in from day one
Related certifications
These certifications cover the concept of "GDPR" in depth.
🔗 Related concepts
ComplianceComplianceFrameworksFrameworks
NIS2 Directive
EU directive on the security of network and information systems — revised version.
DORA Regulation
Digital Operational Resilience Act — EU regulation on digital operational resilience.
ISO 27001
The international standard for Information Security Management Systems (ISMS).
GRC Platform
Integrated software to manage Governance, Risk, and Compliance in one place.
📖 Related articles
Master this concept and more
Start your GRC certification journey today.