One change can touch several frameworks.
The same ordinary code change often implicates a control in more than one framework at once. Pick a common one below and see which clauses it tends to touch, each linking to how heygrc reads that framework in a pull request. It runs entirely in your browser and is an illustration, not a compliance verdict.
Pick a change
Controls it tends to implicate
A debug or audit log starts capturing more personal data than the feature needs.
GDPR Art. 5(1)(c), data minimisation: personal data should be limited to what the purpose needs.
GDPR Art. 32, security of processing: how that data is then protected at rest in the log store.
PCI DSS Req 3: if it is cardholder data, the PAN must be rendered unreadable and the log is now in scope.
An illustration of the framework-in-code idea, not a compliance verdict. Which obligations actually apply depends on the frameworks your company holds.
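As an added illustration of the logging change above (example code written for this page, not part of the explorer or of heygrc), a hypothetical Python request handler: the "before" dumps the whole event into the log, the "after" keeps only the fields the purpose needs and renders any PAN that still slips through unreadable. The field names and the sample event are constructed.

```python
import json
import re
from typing import Any, Dict

# Constructed sample event: what a request handler might hand to its debug logger.
SAMPLE_EVENT: Dict[str, Any] = {
    "request_id": "req-7f3a",
    "route": "/v1/cards/4111111111111111/balance",  # PAN leaked into a path
    "status": 200,
    "duration_ms": 42,
    "user": {"name": "A. Example", "email": "a@example.com"},
    "card": {"pan": "4111111111111111", "exp": "12/29"},
}

# Before: the whole event, personal data and PAN included, goes to the log store.
def log_line_before(event: Dict[str, Any]) -> str:
    return json.dumps(event, sort_keys=True)

# After, step 1 (data minimisation): only the fields the purpose needs are kept.
ALLOWED_FIELDS = {"request_id", "route", "status", "duration_ms"}
# After, step 2 (PAN unreadable): mask any 13-19 digit run that passes Luhn,
# because a PAN can hide inside an allowed free-text field such as a URL path.
PAN_RE = re.compile(r"\b\d{13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Standard Luhn check, used to avoid masking every long number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(text: str) -> str:
    """Replace each Luhn-valid digit run with asterisks, keeping the last 4."""
    def repl(m: "re.Match[str]") -> str:
        s = m.group(0)
        return "*" * (len(s) - 4) + s[-4:] if luhn_ok(s) else s
    return PAN_RE.sub(repl, text)

def log_line_after(event: Dict[str, Any]) -> str:
    kept = {k: v for k, v in event.items() if k in ALLOWED_FIELDS}
    # Record which fields were withheld so the log stays useful for debugging.
    kept["dropped_fields"] = sorted(set(event) - ALLOWED_FIELDS)
    return mask_pan(json.dumps(kept, sort_keys=True))
```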
This is the mapping heygrc is built to do on every PR.
This explorer is a static, hand-built map of common patterns. heygrc is built to do the same kind of reasoning on the actual diff: read each change against the frameworks your company selected and cite the specific control it touches, as a review comment. It does not certify you or run your audit. heygrc is in early access.