All frameworks// framework reference

GDPR for EU B2B software companies.

GDPR applies when a company processes personal data of people in the EU. For B2B software companies, that usually includes customer users, employees, prospects, support contacts, product analytics, logs, and vendor data from the first day of EU operations.

Supported in KaamosbindingLast updated May 12, 2026

Who it applies to

Any company processing personal data of people in the EU.
SaaS companies with EU customers, employees, or users.
Processors and controllers that need to show security and accountability.

What you need to do

Appropriate technical and organizational security measures.
Processor and vendor management, data-subject rights, breach response, and records of processing.
Evidence that privacy controls and security controls are actually operating.

How Kaamos helps

Connects privacy-relevant assets, vendors, and controls into one operating view.
Keeps GDPR security work aligned with ISO 27001, NIS2, and customer questionnaires.
Maintains evidence for security controls without screenshot scrambling.