FAQ
Frequently asked questions
Straight answers about how Acompli supports GDPR and EU AI Act compliance work across assessments, RoPA, risk, DSAR, AI governance, human review and audit-ready evidence.
Key takeaways
- An Article 30 RoPA is a legal obligation for most controllers and processors in Ireland and the UK, and the DPC or ICO can demand it on request — the Article 30(5) small-organisation carve-out is narrow. Full obligation detail: RoPA requirements guide (Ireland & UK).
- A DPIA is required before likely-high-risk processing under GDPR Article 35 (DPC in Ireland, ICO in the UK); a completed DPIA feeds the matching RoPA and risk-register record on one audit trail. See DPIA and Assessments.
- Transfers outside the EEA need Schrems II documentation — transfer mechanism, a Transfer Impact Assessment and supplementary measures (CJEU C-311/18; DPC €1.2bn Meta decision). Methodology: Transfer Impact Assessments.
- AI assists; a human approves. Acompli drafts, classifies and surfaces evidence with confidence scores and a full audit trail — nothing publishes without human review. The EU AI Act AI System Register is available on opt-in (early access).
Buying & Comparing Tools
Getting Started
Platform
Security & Data
Implementation
Still have questions?
Bring your current process and we will show how the records, review gates and evidence connect.