What GDPR and data compliance requirements must a new app meet?
Section I of the App Compliance framework covers regulatory and legal compliance. These criteria are the highest-criticality checks — a failure here typically blocks adoption.
This section covers three areas: GDPR compliance, data protection, and data transfer.
## What GDPR requirements must the app meet?
## What data protection standards are required?
## What are the requirements for international data transfers?
A US-hosted or third-country tool is acceptable under GDPR if the vendor has a compliant transfer mechanism in place (Standard Contractual Clauses, EU-US Data Privacy Framework, or Binding Corporate Rules) and applies adequate safeguards. The three criteria below determine whether those conditions are met.
## What's Next