Compliance with EU GDPR
Or if you can help me with a sample DLP framework defining exactly what it should contain, or relevant references/links?
Answer: Unfortunately we do not have such specific material, but for determination of the rights of employees I suggest you take a look at these materials:
ISO 27018 guidelines: This standard aims to protect Personally Identifiable Information from customers that make use of cloud services, considering the point of view of both customers and providers. You can check the orientations for customers to have an idea of what to consider for your employees. For detailed information see: ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
CISPE Code of conduct: Cloud Infrastructure Service Providers in Europe (CISPE) is a coalition of technology companies focused on provisioning of cloud computing infrastructure services, and this code is an effort to help customers and providers comply with EU GDPR. You can find more information here: Data Privacy Protection, ISO 27001 and CISPE Code of Conduct https://advisera.com/27001academy/blog/2016/10/31/data-privacy-protection-iso-27001-and-cispe-code-of-conduct/
For additional information about ISO 27001 and EU GDPR I suggest these materials:
- What is the EU GDPR and why is it applicable to the whole world? https://advisera.com/27001academy/blog/2016/10/03/what-is-eu-gdpr-and-why-is-it-applicable-to-the-whole-world/
- Does ISO 27001 implementation satisfy EU GDPR requirements? https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/
- What is EU GDPR and how can ISO 27001 help? https://info.advisera.com/27001academy/free-download/what-is-eu-gdpr-and-how-can-iso-27001-help
May 24, 2017