Mesta
Compliance Framework

General Data Protection Regulation (GDPR)

GDPR is the European Union's comprehensive data protection and privacy regulation. It governs how organizations collect, process, store, and protect personal data of EU residents, granting individuals extensive rights over their data.

Audit In Progress
Coverage: 100% (9 / 9 requirements)
Controls Mapped: 0 (Security controls)
Policies: 3 (Supporting policies)
Scope

All personal data processing activities involving EU residents, including customer data, employee data, and any identifiable information collected or processed by Mesta.

Framework Requirements

Principles

Art. 5 (satisfied)
Principles Relating to Processing
Personal data shall be processed lawfully, fairly, and transparently; collected for specified purposes; adequate and relevant; accurate; stored no longer than necessary; and processed securely.

Lawful Basis

Art. 6 (satisfied)
Lawfulness of Processing
Processing is lawful only if at least one legal basis applies (consent, contract, legal obligation, vital interests, public task, or legitimate interests).

Transparency

Art. 13-14 (satisfied)
Information to Data Subjects
Controllers must provide data subjects with transparent information about data processing.

Data Subject Rights

Art. 15 (satisfied)
Right of Access
Data subjects have the right to obtain confirmation and access to their personal data.
Art. 17 (satisfied)
Right to Erasure
Data subjects have the right to obtain erasure of personal data (right to be forgotten).

Security

Art. 25 (satisfied)
Data Protection by Design and Default
Controllers must implement technical and organizational measures to ensure data protection principles.
Art. 32 (satisfied)
Security of Processing
Controllers and processors must implement appropriate technical and organizational security measures.

Processor Obligations

Art. 28 (satisfied)
Processor Requirements
Processors must only process data on documented instructions and ensure appropriate security measures.

Incident Response

Art. 33-34 (satisfied)
Breach Notification
Controllers must notify supervisory authorities and affected individuals of personal data breaches.

Mapped Controls (0)

No controls mapped to this framework yet.

Supporting Policies

Framework Details

Framework ID: gdpr
Status: in progress
Total Requirements: 9
Satisfied: 9

Coverage Progress

Overall Coverage: 100%