GDPR

What Escape tests against the General Data Protection Regulation, and how to use the GDPR block in reporting.

What We Cover

GDPR is a privacy regulation, but it levies concrete technical duties under Article 32 (security of processing). Escape's GDPR coverage focuses on those:

  • Article 32(1)(a) Pseudonymisation and encryption: TLS posture, weak cipher suites, unencrypted PII in transit.
  • Article 32(1)(b) Confidentiality, integrity, availability: every sensitive-data-exposure finding, every authentication or authorization bug, every injection class.
  • Article 32(1)(d) Regular testing: the scan cadence itself is the evidence.
  • Article 33 Breach notification: audit logs support the 72-hour notification timeline.

Escape's sensitive-data scalars cover the PII classes GDPR names (names, national ID numbers, addresses, IBANs, and similar) so exposure is caught at scan time.
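As an added illustration of the scan-time PII check described above (example code, not Escape's own scanner): the detector below walks a decoded JSON response, flags IBAN-shaped strings, and validates each candidate with the ISO 13616 mod-97 checksum so that look-alike numbers are not reported as exposure. The sample response body is constructed here, and the JSON-path format and the Article 32(1)(b) tag on each finding are assumptions.

```python
import json
import re

# Candidate IBAN: country code, two check digits, 11-30 alphanumerics, optionally space-grouped.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]){11,30}\b")

def iban_checksum_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end,
    map A-Z to 10-35, and the resulting integer must leave remainder 1 mod 97."""
    compact = iban.replace(" ", "").upper()
    rotated = compact[4:] + compact[:4]
    digits = "".join(str(int(ch, 36)) for ch in rotated)  # int('A', 36) == 10 ... int('Z', 36) == 35
    return int(digits) % 97 == 1

def find_pii(obj, path="$"):
    """Walk a decoded JSON body; return (json_path, pii_class, obligation) per exposed value.
    Only checksum-valid IBANs count, which keeps reference numbers from becoming findings."""
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            hits.extend(find_pii(value, f"{path}.{key}"))
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            hits.extend(find_pii(value, f"{path}[{i}]"))
    elif isinstance(obj, str):
        for match in IBAN_RE.finditer(obj):
            if iban_checksum_ok(match.group(0)):
                # Assumed mapping: data exposure falls under Art. 32(1)(b) confidentiality.
                hits.append((path, "iban", "Art. 32(1)(b)"))
    return hits

def scan_response(body: str):
    """Entry point for one captured response body (JSON text)."""
    return find_pii(json.loads(body))

# Constructed sample: one real-looking IBAN (the ISO example) and one with a broken check digit.
SAMPLE_BODY = json.dumps({
    "customer": {
        "name": "A. Example",
        "bank": {"iban": "GB82 WEST 1234 5698 7654 32"},
        "notes": "ref GB82 WEST 1234 5698 7654 33 rejected",
    }
})

if __name__ == "__main__":
    for finding in scan_response(SAMPLE_BODY):
        print(finding)  # ('$.customer.bank.iban', 'iban', 'Art. 32(1)(b)')
```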

How to Enable

  1. Turn on the GDPR framework under Organization Settings -> Compliance.
  2. Tag EU-data-processing assets with the gdpr compliance tag.
  3. Add the GDPR block to reports shared with your Data Protection Officer.

What the Report Contains

Per enabled asset: the Article 32 obligations, the mapped security tests, findings in scope, and a pass / fail posture. Pair with the organization-wide data flow to produce a defensible Article 32 evidence pack.