FAQ

Frequently asked questions

Straight answers about how Acompli supports GDPR and EU AI Act compliance work across assessments, RoPA, risk, DSAR, AI governance, human review and audit-ready evidence.

Key takeaways

  • An Article 30 RoPA is a legal obligation for most controllers and processors in Ireland and the UK, and the DPC or ICO can demand it on request — the Article 30(5) small-organisation carve-out is narrow. Full obligation detail: RoPA requirements guide (Ireland & UK).
  • A DPIA is required before likely-high-risk processing under GDPR Article 35 (DPC in Ireland, ICO in the UK); a completed DPIA feeds the matching RoPA and risk-register record on one audit trail. See DPIA and Assessments.
  • Transfers outside the EEA need Schrems II documentation — transfer mechanism, a Transfer Impact Assessment and supplementary measures (CJEU C-311/18; DPC €1.2bn Meta decision). Methodology: Transfer Impact Assessments.
  • AI assists; a human approves. Acompli drafts, classifies and surfaces evidence with confidence scores and a full audit trail — nothing publishes without human review. The EU AI Act AI System Register is available on opt-in (early access).

Buying & Comparing Tools

Getting Started

Platform

Security & Data

Implementation

Still have questions?

Bring your current process and we will show how the records, review gates and evidence connect.