
Compliance / detail

ACME Corp
GDPR
Up to 4% of global annual revenue.
Maturity score: 74 C
Controls implemented: 32/44
Open gaps: 2
Last assessed: 6 days ago

Obligation areas

4
Lawful basis & consent, Art 6–7 | 81 | 9/11 | On track
Data-subject rights, Art 15–22 | 77 | 10/13 | Watch
Security of processing, Art 32 | 64 | 7/11 | At risk
Records & mapping, Art 30 | 70 | 6/9 | Watch

Control status

44 controls
Implemented 32
In progress 8
Not started 4

Recent activity

Art 30 | Data-mapping for the legacy store | 3 gaps open — finding f-phi | 6d
Art 33 | Breach-notification runbook | Reviewed | 15d

Open gaps affecting this framework

critical
Unencrypted patient data in a legacy datastore
A breach here is an automatic HIPAA + GDPR reportable event — penalties scale with revenue and record count.
critical
Public S3 bucket exposes PII
A billing export bucket is world-readable and holds customer PII — a GDPR-reportable exposure.