
GDPR / SOC 2 crosswalk

A control-by-control mapping between the General Data Protection Regulation (EU 2016/679) and SOC 2 (AICPA Trust Services Criteria). 2 mappings.

| GDPR | SOC 2 | Relationship | Notes |
| --- | --- | --- | --- |
| Art. 25: Data protection by design and by default | CC1.1: Integrity and ethical values | Related (Curated) | Governance and security policy |
| Art. 32: Security of processing | CC6.7: Restricting data transmission | Partial (Curated) | Cryptography and data protection |

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.