This table shows the 9 compliance areas where NIST CSF and GDPR controls overlap. When you mark a control as implemented in either framework, Venvera automatically propagates the status to the equivalent control in the other.

| Compliance Area | NIST CSF | GDPR |
|---|---|---|
| Encryption | PR.DS-01, PR.DS-02 | gdpr-se-04 |
| Key Management | PR.DS-01 | gdpr-se-04 |
| Access Control | PR.AA-01 | gdpr-se-05 |
| Incident Management | RS.MA-01, RS.AN-03 | gdpr-bn-01 |
| Incident Reporting | RS.CO-02 | gdpr-bn-02 |
| Business Continuity | RC.RP-01, RC.RP-03 | gdpr-se-03 |
| Supplier Contracts | GV.SC-05 | gdpr-cp-04 |
| Data Classification | PR.DS-10 | gdpr-pr-03 |
| Security Testing | ID.IM-02 | gdpr-se-02 |

For details on how propagation works, thresholds, and the auto-mapped badge, see the Cross-Framework Control Propagation overview article.