Get GDPR Compliant and Stay Compliant

Policy Builder

Create and update data policies with single entry updates for any changes, no time consuming rewrites.

A wide range of templates are included to help you along.

Data Assets

An asset register for your data, recording who is responsible, what needs to be done and when.


Automatic reminders for data activities for all responsible employees, ensuring that policies are being maintained.


Create logged tickets for data events by department.

Define tasks to events which are automatically generated with the ticket.

Assign each task to an employee or department.

Employees are aware and accountable for their data tasks.

Use the pre-defined template blocks to build policies

Choose from a wide range, and expanding, of contract and policy templates to get you going.

Add the templates that apply to your business activities directly into the GDPR Planner to personalise your policy.

ICO Requirements for Compliance.

1. Awareness

Make sure the key decision makers and people in your business are aware of the GDPR law changes and appreciate any impact it might have.

Create department specific policies and reminders and tickets with attachments of minutes from meetings.

2. Information you hold

Document personal data you hold, where it came from and who you share it with and maintain records of processing activities.

Follow the Data Audit to document the personal data you hold. Use reminders and tickets to record on going processing activities.

3. Review privacy notice

Plan any necessary updates to your privacy notices in line with GDPR, including the lawful basis for processing data.

Use the Policy Builder to edit and update your current policy. Use reminders and tickets to make sure the notice is applied across the business and reviewed regularly.

4. Rights of data subjects

Consider all the rights of individuals including the deletion personal data or electronic provision.

Publish policies and guides for each department and use tickets to make sure individual requests are complied with.

5. Subject Access Requests

Plan how to handle SAR's. In most cases you cannot charge for the request and must comply within 1 month.

Use tickets to make sure SAR's go to the right place immediately. Track their progress with at a glance graphical views.

6. Lawful basis for data

Identify your lawful basis for processing, document and update your privacy policy to explain it.

Use the Data Audit to review processing activities, update your privacy notice in Policy Builder.

7. Consent

Review how you seek, record and manage consent. If necessary refresh existing consent for GDPR.

Use reminders to make sure all company documentation have been updated for positive consent. Use Policy Builder to update your comapny documents.

8. Data breaches

Correct procedures to detect, report and investigate data breaches are required. In all cases the ICO must be informed, in some cases so must the individual.

Publish a data breach policy to all groups, follow up with specific data events and tickets to manage the process.

9. Data Protection by Design

Data Protection Impact Assesment's are an express legal requirement were data processing results in a high risk to individuals.

Start new projects with a Privacy Impact Assesment ticket to decide whether a DPIA is required and as a record of compliance.

10. Data Protection Officer

Your DPO should take responsibility for data protection compliance using their knowledge and authority within the business.

The graphical view and reports will allow a DPO to fully monitor compliance across the business. With published policies and ticekts as evidence.

11. International

If you operate in more than 1 EU member state and carry out cross border processing you must determine the lead data protection authority.

By answering the Data Audit questions you will be aware of the lead area. Use reminders to review this location.

12. Children

Consider whether you need a system to verify individual's ages and obtain parental consent for data processing activities.

Use Policy Builder to edit your privacy notice to be understood by children. Use reminders to review personal data and the age of data subjects.