Security & Compliance
GDPR Compliance Tool
The GDPR Compliance page provides an automated, evidence-based assessment of your security posture against GDPR-oriented control categories.
It combines scan evidence, category scoring, finding severity, control catalog provenance and coverage metadata so teams can track risk and remediation readiness.
Accessing GDPR Compliance
1. Use the GDPR Compliance widget for a compact summary.
2. Open the full GDPR Compliance page for category-level findings and catalog details.
Data Scope and Source
The GDPR report is generated from recent account-group scan submissions, including:
1. Network Discovery data
2. Fingerprint/vulnerability scan data
3. Asset Discovery data
By default, the page shows account-group aggregate compliance posture.
If no account group is selected, the page prompts you to select one.
Page Overview
The full page includes:
1. Header and Controls
2. Overall Score
3. Scan Data and Catalog Metadata
4. Category Breakdown with Drill-Down Findings
Header and Controls
Top actions:
1. Refresh: Triggers report recalculation for the selected account group and reloads the page data.
2. Refresh Catalog: Triggers a catalog refresh and reloads report/catalog status.
The header also shows the report timestamp and account-group context.
Overall Score
The top panel displays:
1. Overall score (0-100)
2. Score label (for example: Excellent, Good, Needs Improvement, Poor, Critical)
3. Trend delta when historical points are available
4. Critical, High, and Total finding counts
5. Evidence coverage percentage
6. Not-evaluable control count
Scan Data Window
When available, the page displays the report's scan data time window:
1. Window start timestamp
2. Window end timestamp
This helps confirm the evidence period used for evaluation.
Category Breakdown
Each category card shows:
1. Category name and GDPR article reference
2. Category score
3. Finding count
4. Severity breakdown chips
5. Expand/collapse interaction
Categories are sorted by score (lower scores first) on the full page to surface higher-priority gaps.
Severity Filter
You can filter visible findings by severity:
1. All
2. Critical
3. High
4. Medium
5. Low
6. Info
Selecting a severity auto-expands categories that contain matching findings.
Finding Details
Expanded findings include:
1. Title and affected asset/resource
2. Severity
3. GDPR article reference
4. Description
5. Remediation guidance
Catalog Provenance and Health
The page includes a catalog section to show how controls were evaluated.
Catalog Provenance
Displays:
1. Catalog version
2. Catalog generation timestamp
3. Source summary cards (display name, authority/type, status)
4. Optional fallback badge and reason when seed fallback is active
Catalog Health
Displays:
1. Control count
2. Source count
3. Evaluation mode (Official only or Hybrid)
4. Sync status
This metadata supports auditability and trust in control mapping.
Dashboard Widget vs Full Page
Dashboard Widget
The dashboard GDPR card provides a compact snapshot:
1. Donut score
2. Trend delta
3. Critical/High/Total quick counters
4. Category score mini-bars
5. Manual refresh button
Full GDPR Compliance Page
Use the full page for:
1. Severity filtering
2. Category-by-category finding drill-down
3. Catalog provenance and health
4. Evidence coverage and not-evaluable controls
5. Scan data window review
Empty, Pending, and Error States
No Account Group Selected
The page shows a prompt asking you to select an account group first.
No Report Yet
If no report exists yet, the page shows an empty state and allows manual generation via Refresh.
Pending/Timeout Cases
If processing is still underway or times out, the UI may show a wait-style message indicating report generation is in progress.
Error State
If loading fails, an error panel appears with retry capability.
Frequently Asked Questions
What does evidence coverage mean?
It indicates how much of the control set had sufficient scan evidence for evaluation.
What are not-evaluable controls?
Controls that could not be reliably evaluated from the available evidence window.
Why does the score sometimes drop after new scans?
New evidence can surface additional findings or change control outcomes.
Why is a fallback catalog shown?
If upstream catalog sync is temporarily unavailable, CyfroSec can use a seed fallback snapshot to keep reporting available.
