This table shows the 8 compliance areas where ISO 27001 and GDPR controls overlap. When you mark a control as implemented in either framework, Venvera automatically propagates the status to the equivalent control in the other.

| Compliance Area | ISO 27001 | GDPR |
|---|---|---|
| Encryption | A.8.24 | gdpr-se-04 |
| Key Management | A.8.24 | gdpr-se-04 |
| Access Control | A.5.15 | gdpr-se-05 |
| Incident Management | A.5.24, A.5.25, A.5.26 | gdpr-bn-01 |
| Business Continuity | A.5.29, A.5.30 | gdpr-se-03 |
| Supplier Contracts | A.5.20 | gdpr-cp-04 |
| Data Classification | A.5.12, A.8.10, A.8.12 | gdpr-pr-03 |
| Security Testing | A.5.35 | gdpr-se-02 |

For details on how propagation works, thresholds, and the auto-mapped badge, see the Cross-Framework Control Propagation overview article.