GDPR on your real catalog, not in a separate spreadsheet
The General Data Protection Regulation has been law since 2018. Linedat connects its obligations — RoPA, DPIA, data subject rights, transfers — to the data you already have catalogued, with audit-proof evidence.
Binding EU law
What the GDPR requires (and why it goes unmet)
GDPR
The General Data Protection Regulation (GDPR) has been binding in the EU since 2018. Its obligations — records of processing activities, impact assessments, data subject rights, legal basis for transfers — are well understood; the problem is that they typically live in privacy tools disconnected from where the data actually resides.
When the RoPA or DPIA do not point to real data, they go stale as soon as the data landscape changes, and responding to an access or erasure request becomes a weeks-long project.
Key GDPR obligations
Linedat delivers GDPR obligations by connecting them to the real catalog, with versioned and tamper-proof evidence.
Records of Processing Activities (Art. 30)
A RoPA that reflects actual processing, with its legal basis, recipients and transfers.
Data Protection Impact Assessment — DPIA (Art. 35)
Assessing the data protection impact of high-risk processing activities, with the DPO's opinion.
Data subject rights (Arts. 15–22)
Access, portability, erasure, rectification… with the Art. 12 response deadline (one month).
International transfers (Ch. V, Art. 28)
Legal basis for sending data to processors and sub-processors (for example, an external LLM): DPA, SCCs, TIA.
How Linedat covers it
Linedat delivers GDPR obligations by connecting them to the real catalog, with versioned and tamper-proof evidence.
RoPA: Record of Processing Activities
A RoPA that points to the real tables — not a disconnected spreadsheet.
View capability →Privacy (GDPR)Data Subject Rights (DSR) with Legal Clock
Citizen rights are not managed by email: with the Art. 12 clock and data location via the RoPA.
View capability →Privacy (GDPR)DPIA: Proactive Impact Assessment (Art. 35)
Do not wait for the risk to find you: the catalogue tells you which assets require a DPIA.
View capability →Privacy (GDPR)Right to Erasure: Real Cascading Deletion
The right to erasure requires real deletion, not a deleted=true flag.
View capability →AI GovernancePII Sanitisation Before Reaching the Model
Before a national ID or an IBAN leaves for OpenAI, it is redacted — in the critical path, not as an option.
View capability →AI GovernanceAI Providers with DPA, SCCs and TIA
Using OpenAI without a DPA is an international transfer with no legal basis.
View capability →Data governanceAccess Grant with Structured Purpose
Access with a typed purpose and an expiry date. Not "just because".
View capability →Trust & evidenceAudit Chain: Verifiable Cryptographic Integrity
Other catalogues store logs. Linedat stores proof — verify it with a button.
View capability →FAQ
Respuestas sobre implementación y capacidades
Related standards
Bring compliance to your own data
Connect your sources and see it in your environment. Free to start.
