Who it applies to
Almost every Sandline engagement has GDPR implications. Article 32 sets the security obligation, and Article 33 sets the 72-hour breach notification window that drives much of our incident-response work.
What it requires
- Article 32: appropriate technical and organisational measures, including encryption, integrity, availability and resilience
- Article 33: data breach notification to the supervisory authority within 72 hours of awareness
- Article 35: Data Protection Impact Assessment for high-risk processing
How Sandline helps
- Penetration testing and vulnerability management as Article 32 evidence
- Incident response retainer with GDPR-aligned 72-hour notification package
- DPIA technical sections for high-risk processing