GDPR isn't just for European companies. If you process data of EU residents, you're in scope. Folksoft maps your data flows, implements required controls, and keeps you audit-ready.
If you touch the personal data of EU residents, these four facts apply to you.
Applies to any company processing personal data of EU residents, regardless of where you're based.
Fines up to €20M or 4% of global annual turnover for violations — whichever is higher.
Requires a lawful basis for data processing, clear privacy notices, and data subject rights.
Requires breach notification to the relevant authority within 72 hours of discovery.
From data mapping to DSRs to Article 32 controls, Folksoft operationalises GDPR across your stack.
Folksoft maps your data flows and builds your Record of Processing Activities (ROPA) automatically.
Privacy policy and cookie policy templates, tailored to how your product actually processes data.
Practical consent management guidance so you capture, store, and honour user consent correctly.
Ready-made DSR workflows for access, rectification, and erasure requests — so nothing slips.
Documented breach notification procedures built around the GDPR 72-hour reporting window.
Technical controls mapped to Article 32 requirements across your AWS, Azure, GCP, and identity stack.
ISO 27001 certification covers most of GDPR's Article 32 technical requirements. Folksoft handles both together for maximum efficiency.
Explore ISO 27001 certificationEverything founders ask us before starting their GDPR journey.
Still have questions?Yes — if you process personal data of EU residents, GDPR applies regardless of where your company is based or incorporated. Folksoft maps your data flows and implements the required controls so you can operate lawfully in every EU market.
A DPA is a legally required contract between a data controller and a data processor under GDPR Article 28. It must be in place before any processor handles personal data on your behalf. Folksoft provides a standard DPA for all customers.
Yes. Folksoft provides a standard Data Processing Agreement for all customers. Contact us to receive our DPA before onboarding.
GDPR covers all EU residents' personal data globally; CCPA covers California residents. While both are privacy regulations, they have different rights, obligations, and penalty structures. Folksoft handles both frameworks, allowing you to address EU and US privacy requirements efficiently.
Talk to our team and we'll map your data flows and the controls you need to process EU data with confidence.