Skip to main content


Your GDPR compliance toolkit.

gdpr flag with connhex logo

What is GDPR?

GDPR is shorthand for General Data Protection Regulation: it is a regulation of the European Parliament on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Long story short, it's a regulation you absolutely need to comply with if your business involves personal data of EU citizens - or you'll risk paying heavy fines!


How can I learn more?

We've put together a detailed FAQ section. In case of any doubt, just contact us! We'll provide you with additional details for both our internal policies and Connhex implementation details. And if you need some help to understand what your obligations with respect to GDPR compliance are, we'll be happy to share everything we know about it.
additional resources

Compliance map

Here's a detailed GDPR compliance map for Connhex.



chapter 1

General provisions

Subject-matter and objectives
Material scope
Territorial scope

chapter 2


Lawfulness of processing
Conditions for consent
Conditions applicable to child's consent in relation to information society services
Processing of special categories of personal data
Processing of personal data relating to criminal convictions and offence
Processing which does not require identification

chapter 3

Rights of the data subject

Transparent information, communication and modalities for the exercise of the rights of the data subject.
Information to be provided where personal data are collected from the data subject
Information to be provided where personal data have not been obtained from the data subject
Right of access by the data subject
Right to rectification
Right to erasure (Right to be forgotten)
Right to restriction of processing
Notification obligation regarding rectification or erasure of personal data or restriction of processing
Right to data portability
Right to object
Automated individual decision-making, including profiling

chapter 4

Controller and processor

Responsibility of the controller
Data protection by design and by default
Joint controllers
Representatives of controllers or processors not established in the Union
Processing under the authority of the controller or processor
Record of processing activities
Cooperation with the supervisory authority
Security of processing
Notification of a personal data breach to the supervisory authority
Communication of a personal data breach to the data subject
Data protection impact assessment
Prior consultation
Designation of the data protection officer
Position of the data protection officer
Tasks of the data protection officer
Codes of conduct
Monitoring of approved codes of conduct
Certification bodies

chapter 5

Transfers of personal data to third countries or international organisations

General principle for transfers
Transfers on the basis of an adequacy decision
Transfers subject to appropriate safeguards
Binding corporate rules
Transfers or disclosures not authorised by Union law
Derogations for specific situations
International cooperation for the protection of personal data

chapter 6

Independent supervisory authorities

Supervisory authority
General conditions for the members of the supervisory authority
Rules on the establishment of the supervisory authority
Competence of the lead supervisory authority
Activity reports

chapter 7

Cooperation and consistency

Cooperation between the lead supervisory authority and the other supervisory authorities concerned
Mutual assistance
Joint operations of supervisory authorities
Consistency mechanism
Opinion of the Board
Dispute resolution by the Board
Urgency procedure
Exchange of information
European Data Protection Board
Tasks of the Board
Tasks of the Chair

chapter 8

Remedies, liability and penalties

Right to lodge a complaint with a supervisory authority
Right to an effective judicial remedy against a supervisory authority
Right to an effective judicial remedy against a controller or processor
Representation of data subjects
Suspension of proceedings
Right to compensation and liability
General conditions for imposing administrative fines

chapter 9

Provisions relating to specific processing situations

Processing and freedom of expression and information
Processing and public access to official documents
Processing of the national identification number
Processing in the context of employment
Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
Obligations of secrecy
Existing data protection rules of churches and religious associations

chapter 10

Delegated acts and implementing acts

Exercise of the delegation
Committee procedure

chapter 11

Final provisions

Repeal of Directive 95/46/EC
Relationship with Directive 2002/58/EC
Relationship with previously concluded Agreements
Commission reports
Review of other Union legal acts on data protection
Entry into force and application


not applicable
partially applicable
compliant (where applicable)