Remember the last time a company asked you for permission to hold your data? The chances are that it was because of the General Data Protection Regulation (GDPR). Even though the GDPR went into effect some years ago now, many companies are still coming to terms with its data handling requirements.
If you haven’t got time to read the whole post and came for the tools, here is our list of the best GDPR compliance software:
- SolarWinds Access Rights Manager (FREE TRIAL): The reporting engine of this access rights monitor will help you prove GDPR compliance.
- ManageEngine EventLog Analyzer (FREE TRIAL): This SIEM tool not only searches for security breaches, but it also confirms the ongoing security of sensitive data, making it great for demonstrating GDPR compliance.
- LogicGate: A cloud-based risk compliance assessor that helps you keep within GDPR requirements.
- privIQ: This is a compliance assessor that offers guidance on what system security weaknesses need to be fixed to comply with GDPR, LGPD, PDPA, POPIA and KVKK.
- Netwrix Auditor: Perform risk assessment, identify sensitive data, and implement access rights controls with this attractive tool.
- Really Simple Systems: CRM system with a data collection consent feature. Available in free and paid versions.
- Vigilant Software GDPR Manager: A GDPR compliance assessor that includes a breach event logger.
- OneTrust: A risk assessor that tracks privacy and compliance problems and the efforts to close them off.
The best GDPR compliance software
Before we look at the list, it’s important to take note of the GDPR’s main provisions:
- Companies require the consent of customers to process their data.
- Companies need to have a legitimate reason to hold data on their customers.
- Customers have the right to be forgotten (or the right to have their data destroyed).
- Companies must notify customers after a data breach.
- Certain companies must appoint a data protection officer to oversee GDPR compliance.
These provisions apply to any company that holds data on EU citizens. Complying with these privacy regulations can be tricky, but a management software platform can make the process much easier. There is a range of GDPR compliance software platforms that allow you to access data, manage policies, and view data handling processes through one interface (which is particularly useful when responding to data breaches).
SolarWinds Access Rights Manager is a user access monitoring tool that can be used to demonstrate GDPR compliance. SolarWinds Access Rights Manager monitors user access to personal data. The user can automate the provisioning and de-provisioning of user accounts to control who has access to sensitive information.
The platform scans user accounts and identifies insecure configurations (that could be exploited by a bad actor). After identifying an insecure account, SolarWinds Access Rights Manager creates an alert so that a human user can begin remediation. Alerts help you respond more effectively when customer data is at risk and support compliance with the GDPR.
To help you with auditing, SolarWinds Access Rights Manager has reports. You can develop on-demand reports for Microsoft Exchange, SharePoint, permissions, and other assets to verify their safety. Having an audit trail helps show that your GDPR security controls are successfully protecting customer data.
If you’re looking to monitor user access and satisfy GDPR reporting requirements then SolarWinds Access Rights Manager is very useful. SolarWinds Access Rights Manager starts at a price of $3,444 (£2,615). You can download the 30-day free trial.
ManageEngine EventLog Analyzer is a log analysis tool that can be used to comply with GDPR requirements. With ManageEngine EventLog Analyzer you can collect and analyze log data from across your network. Log management allows you to verify that the devices in your network are secure.
There are also compliance audit reports to help you develop a record of risks. There are compliance reports for PCI DSS, FISMA, GLBA, SOX, HIPAA, and ISO 27001, and these can also be used for the GDPR. These reports can be scheduled so that you periodically review security risks.
There are three editions of ManageEngine EventLog Analyzer: Free Edition, Premium, and Distributed. The Free Edition supports up to five log sources with compliance reports free of charge. The Premium edition starts at $595 (£459.99) per year with support for 10-1000 log sources and log forensic analysis.
The Distributed edition starts at $2,495 (£1,928) with support for 50-unlimited log sources with distributed central-collector architecture. You can download a 30-day free trial.
LogicGate is a web-based automated risk compliance solution that satisfies many requirements of the GDPR. Through the LogicGate portal customers can launch a Data Access Request, Data Correction Request, Data Portability Request, and Data Removal Request. You can use the platform to respond to access requests and make sure that you’re not breaching the GDPR.
In the event of a breach, you can use the breach response process to respond within 72 hours. There are automated alerts to notify the authorities when you’ve discovered a breach. Being able to identify and respond to breaches promptly makes sure that you’re doing everything necessary to protect customer privacy.
More generally you can use the Data Processing Activity Records module to outline how your company processes personal data. You can build an asset inventory, which shows the relationships between different systems so you know exactly what risk factors customer data is exposed to.
To view a quote for LogicGate you will have to contact the company directly. The price will depend on the number of users, whether it’s a single application, where it’s deployed, and any additional features you wish to use. You can request a demo.
privIQ is a piece of compliance software designed to comply with GDPR and 6 other data protection standards. The tool provides you with analysis capabilities to help run compliance assessments and data protection impact assessments to satisfy GDPR requirements. You can record your data processing activities and use data mapping exercises to manage risk factors and data breaches.
You can manage your GDPR compliance strategy through the dashboard. You can create users, assign tasks with due dates, and view these on the dashboard. You could create tasks that correlate to processing activities. Users also receive notifications when due dates are approaching to make sure that they have completed the task. The dashboard helps your team to stay on top of IT assets.
There are four versions of privIQ available to purchase: Professional, Business, Business +, and Enterprise. The Professional version costs $58.20 (£45) per month for up to nine employees with two users. The Business version costs $116.46 (£90) per month for 10-50 employees and two users.
The Business + version costs £145 per month for 51-250 employees with five users. The Enterprise version supports 250 plus employees and unlimited admins/users but you need to request a quote.
Netwrix Auditor is an auditing compliance platform that helps you to identify and protect GDPR data. Netwrix Auditor allows you to pinpoint the location of GDPR data right down to individual files and folders. Finding these files helps you to know which data you need to protect and where to find it in case of an emergency.
You can also implement access right controls to determine which users have permission to access individual files or folders. You can view reports that detail user access rights so you can see who has the necessary privileges to access what information, and whether permission was granted Directly or on a Group basis.
To monitor security risks Netwrix Auditor has a risk assessment function. You can run a risk assessment to find vulnerabilities in your identity and access settings. For example, you can view a summary of privacy risks such as User accounts with passwords not required and disabled computer accounts, alongside a Risk level.
If you’re looking for a tool to help you map out your data processing and identify potential vulnerabilities then Netwrix Auditor is worth investigating. However, you will have to request a quote from the company directly. You can download the 20-day free trial.
Really Simple Systems is a CRM platform that has an inbuilt user consent collection feature for the GDPR. The marketing module enables the user to collect data handling consent from customers.
Mailing and Consent Lists keep a record of when consent was given and from what IP address the consent came. You can also allow customers to opt in to receiving marketing communications (which is required by the GDPR).
There are four versions of Really Simple Systems: Free, Starter, Professional, and Enterprise. The Free version supports up to two users with 100 company records and 100 MB of document storage. The Starter version costs $14 (£9) per user per month, with 1,000 company records and 1GB of document storage.
The Professional version costs $30 (£20) per user per month, with 5,000 company records and 5GB document storage. The Enterprise version costs $46 (£32) per user per month with unlimited company records and document storage. You can sign up for a free trial.
Vigilant Software GDPR Manager is a basic GDPR compliance tool designed to help record compliance activity. The tool combines gap analysis, DSAR processes, data breach response, and third-party management features to comply with the requirements of European legislation. You can log personal data breaches and security events through the Breach report module.
The Gap Analysis module included with Vigilant Software GDPR Manager allows you to assess your level of GDPR compliance. By using the tool you can identify ways to improve your cybersecurity strategy and avoid non-compliant activities.
To enable you to respond to data subject access requests there is a DSAR module. The user can log access requests making it easy to respond to requests within the two months’ time limit imposed by the GDPR.
Vigilant Software GDPR Manager also integrates with four other Vigilant Software products including vsRisk Cloud, Data Flow Mapping Tool, and Compliance Manager. The price of Vigilant Software GDPR Manager starts at $64.66 (£49.95) per month for a single user and $213.53 (£164.95) per month for a multi-user licence. You can request a demo.
OneTrust is a risk, compliance, and privacy management software solution that can be used to keep records necessary to meet GDPR regulations. Features include data mapping, privacy impact assessments, and risk management capabilities. For example, you can create a Readiness Assessment to evaluate where your security measures stand in relation to the GDPR. Readiness assessments are customizable but there are also templates built by a community of privacy experts.
Self-assessments can then be turned into reports in PDF format. Reports contain a color-coded Overall Readiness score and an Assessment Summary of Questions, Compliance Gaps, and more. Reports are great for evaluating your current data handling processes.
You can even build a data subject rights request portal. You can create a branded web form and link to it from your company’s site. You will then be notified automatically when a subject submits an access request. The request portals are extremely useful because they make sure that you can handle access requests promptly.
If you require a tool for GDPR documentation and a general privacy management solution then OneTrust is worth evaluating. The price of OneTrust depends on the features you want to use and the size of your organization. You can request a 14-day free trial.
GDPR Compliance Software: Stay on Top of Data Access Requests
Using a GDPR compliance platform is a great way to eliminate any confusion and design a responsive data management strategy.
Whether that’s managing access rights with a tool like SolarWinds Access Rights Manager or managing data subject access requests through an online portal like OneTrust, there are plenty of options available to choose from. The best strategy is to find one that naturally integrates with your current compliance strategy.
GDPR Compliance FAQs
How does GDPR impact email campaigns?
GDPR governs the use of other people’s personal details and any email address that identifies a person is included in the definition. The key factor that influences email campaigns under GDPR is consent. That means you shouldn’t use bought contact lists unless the people on those lists have specifically agreed that their details can be passed on. If members of the public give you their email addresses in response to an offer for more information it is OK to send out relevant emails on the indicated topic to them.
How can I ensure GDPR compliance for my software development projects?
Use this checklist to ensure GDPR compliance on your software development project:
- Use a pseudonym: Keep real personal data in a separate area of storage or memory and process each person by that reference name rather than by actual identifiers – a username would work as a pseudonym.
- Create feedback channels: Include a feature in your app that enables users to request that all of their personal information is removed from the system. This should also allow them to demand that their data is transferred to another organization.
- Data breach tracking and reporting: Your system should be secure. However, you should also have procedures in place in case of unauthorized disclosure. You must inform users and law enforcement within 72 hours of a data breach. So, have data loss protection in place in your app and make sure it includes retrospective event auditing.
- Privacy by default: Default everything to be as anonymous as feasibly possible.
- Informed consent: Get the users to express consent to any data storage event – the consent can be a single action at the beginning of your relationship with them.
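As an added illustration of three of the checklist items (pseudonymisation, erasure and portability requests, and informed consent), the Python sketch below is this editor's own and is not code from any product on the page; the class, its method names and the sample records are constructed for the example.

```python
import json
import secrets
from datetime import datetime, timezone


class PersonalDataVault:
    """Keeps real identifiers apart from application data (pseudonymisation).

    Application records reference a subject only by a random token; the vault
    is the single place where the token can be resolved back to a person.
    """

    def __init__(self):
        self._identities = {}  # token -> {"name", "email"}: the only place PII lives
        self._consents = {}    # token -> list of {"purpose", "given_at"}

    def register(self, name, email, purpose):
        """Store identifiers under a fresh random token and log the initial consent."""
        token = secrets.token_urlsafe(16)  # unguessable and carries nothing about the person
        self._identities[token] = {"name": name, "email": email}
        self._consents[token] = []
        self.record_consent(token, purpose)
        return token

    def record_consent(self, token, purpose):
        """Informed consent: each agreement is stored with a UTC timestamp."""
        stamp = datetime.now(timezone.utc).isoformat()
        self._consents[token].append({"purpose": purpose, "given_at": stamp})

    def has_consent(self, token, purpose):
        """Processing for a purpose the subject never agreed to must be refused."""
        return any(c["purpose"] == purpose for c in self._consents.get(token, []))

    def identity(self, token):
        return self._identities.get(token)

    def export(self, token):
        """Data portability: everything held about the subject, as a JSON string."""
        if token not in self._identities:
            return None
        return json.dumps({"identity": self._identities[token], "consents": self._consents[token]})

    def erase(self, token):
        """Right to be forgotten: dropping the mapping leaves app records anonymous."""
        if token not in self._identities:
            return False
        del self._identities[token]
        del self._consents[token]
        return True
```

Application tables (orders, tickets, analytics) store only the token, so after `erase()` they keep their business value but can no longer be linked to a person.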
Does GDPR only apply to electronic data?
The GDPR applies to all personal data that is processed by a business or organization. Non-personal data processed electronically is not included; personal data held on paper is included. However, paper-based records have to be in a structured format, so scribbled notes don’t count.
Where can I get GDPR compliance certification from?
There is a different governing body for GDPR in each country. Accredited GDPR auditors will be able to mediate your certification process.
Are Google Forms GDPR compliant?
Google Forms is just a data collection format and, in itself, is neither compliant nor non-compliant. What matters is what data you use Google Forms to gather and how you store that data.