Remember the last time a company asked you for permission to hold your data? The chances are that it was because of the General Data Protection Regulation (GDPR). Even though the GDPR went into effect some years ago now, many companies are still coming to terms with its data handling requirements.
If you haven’t got time to read the whole post and came for the tools, here is our list of the best GDPR compliance software:
- SolarWinds Access Rights Manager (FREE TRIAL) The reporting engine of this access rights monitor will help you prove GDPR compliance.
- ManageEngine EventLog Analyzer (FREE TRIAL) This SIEM tool not only searches for security breaches, but it also confirms the ongoing security of sensitive data, making it great for demonstrating GDPR compliance.
- LogicGate A cloud-based risk compliance assessor that helps you keep within GDPR requirements.
- privIQ This is a compliance assessor that offers guidance on what system security weaknesses need to be fixed to comply with GDPR, LGPD, PDPA, POPIA and KVKK.
- Netwrix Auditor Perform risk assessment, identify sensitive data, and implement access rights controls with this attractive tool.
- Wired Relations A SaaS package of privacy management tools that supports compliance with GDPR.
- Really Simple Systems CRM system with a data collection consent feature. Available in free and paid versions.
- Vigilant Software GDPR Manager A system GDPR compliance assessor that includes a breach event logger.
- OneTrust A risk assessor that tracks privacy and compliance problems and the efforts to close them off.
The best GDPR compliance software
Before we look at the list it’s important to take note of the GDPR’s main provisions:
- Companies require the consent of customers to process their data.
- Companies need to have a legitimate reason to hold data on their customers.
- Customers have the right to be forgotten (or the right to have their data destroyed).
- Companies must notify customers after a data breach.
- Certain companies must appoint a data protection officer to oversee GDPR compliance.
These provisions apply to any company that holds data on EU citizens. Complying with these privacy regulations can be tricky, but a management software platform can make the process much easier. There is a range of GDPR compliance software platforms that allow you to access data, manage policies, and view data handling processes through one interface (which is particularly useful when responding to data breaches).
What should you look for in GDPR compliance software?
We reviewed the market for GDPR compliance systems and analyzed the options based on the following criteria:
- A package that can provide compliance auditing
- A service that will prevent abuse of PII
- Controls over file activity
- Scanning for data movements
- Services that can also impose controls for other data privacy standards
- A free trial or demo version for a no-obligation assessment
- Value for money in a tool that also provides complete compliance coverage
We used these selection criteria as guidelines in our assessment of compliance tools while also looking for a mix of cloud-based and on-premises solutions.
SolarWinds Access Rights Manager is a user access monitoring tool that can be used to demonstrate GDPR compliance. SolarWinds Access Rights Manager monitors user access to personal data. The user can automate the provisioning and de-provisioning of user accounts to control who has access to sensitive information.
- Offers GDPR compliance in access controls
- Audits Active Directory
- Assists in AD management
- Unifies and standardizes the management of multiple AD instances
- Produces compliance reports
The platform scans user accounts and identifies insecure configurations (which could be exploited by a bad actor). After identifying an insecure account, SolarWinds Access Rights Manager creates an alert so that a human user can begin remediation. Alerts help you respond more effectively when customer data is at risk, which supports GDPR compliance.
To help you with auditing, SolarWinds Access Rights Manager has reports. You can develop on-demand reports for Microsoft Exchange, SharePoint, permissions, and other assets to verify their safety. Having an audit trail helps show that your GDPR security controls are successfully protecting customer data.
- Can be used to quickly demonstrate GDPR compliance as well as adherence to other standards such as PCI-DSS and HIPAA
- Pre-configured reports make it easy to demonstrate compliance
- Any compliance issues are outlined after the scan and paired with remediation actions
- Sysadmins can customize access rights and controls in Windows and other applications
- In-depth platform designed for sysadmins, which may take time to fully learn
If you’re looking to monitor user access and satisfy GDPR reporting requirements then SolarWinds Access Rights Manager is very useful. SolarWinds Access Rights Manager starts at a price of $3,444 (£2,615). You can download the 30-day free trial.
ManageEngine EventLog Analyzer is a log analysis tool that can be used to comply with GDPR requirements. With ManageEngine EventLog Analyzer you can collect and analyze log data from across your network. Log management allows you to verify that the devices in your network are secure.
- System security monitoring
- Logs security measures for compliance
- Stores event logs for compliance auditing
There are also compliance audit reports to help you develop a record of risks. There are compliance reports for PCI DSS, FISMA, GLBA, SOX, HIPAA, and ISO 27001 that can also be used for the GDPR. These reports can be scheduled so that you review security risks periodically.
- Customizable dashboards that work great for network operation centers
- Multiple alert channels ensure teams are notified across SMS, email, or app integration
- Supports major compliance standards such as GDPR, PCI-DSS, FISMA, SOX, and HIPAA
- Supports file integrity monitoring that can act as an early warning system for ransomware, data theft, and permission access issues
- Forensic log audit features enable admins to create reports for legal cases or investigations
- Is part of a larger monitoring platform, so it takes time to fully explore the tool and its uses
There are three editions of ManageEngine EventLog Analyzer: Free Edition, Premium, and Distributed. The Free Edition supports up to five log sources with compliance reports free of charge. The Premium edition starts at $595 (£459.99) per year with support for 10-1000 log sources and log forensic analysis.
The Distributed edition starts at $2,495 (£1,928) with support for 50-unlimited log sources with distributed central-collector architecture. You can download a 30-day free trial.
LogicGate is a web-based automated risk compliance solution that satisfies many requirements of the GDPR. Through the LogicGate portal customers can launch a Data Access Request, Data Correction Request, Data Portability Request, and Data Removal Request. You can use the platform to respond to access requests and make sure that you’re not breaching the GDPR.
- A SaaS platform
- Risk assessment for GDPR
- Serves DSARs (Data Subject Access Requests)
In the event of a breach, you can use the breach response process to respond within 72 hours. There are automated alerts to notify the authorities when you’ve discovered a breach. Being able to identify and respond to breaches promptly makes sure that you’re doing everything necessary to protect customer privacy.
More generally you can use the Data Processing Activity Records module to outline how your company processes personal data. You can build an asset inventory, which shows the relationships between different systems so you know exactly what risk factors customer data is exposed to.
- Supports GDPR as well as other popular compliance standards
- Features a customer portal where third parties can make data requests in a secure and auditable way
- Automated alerts can keep teams informed of compliance issues as well as breaches
- A sysadmin can build their own asset inventories and apply custom permissions based on their needs
- Pricing is not transparent
- Must contact sales for a demo, no free download
To view a quote for LogicGate you will have to contact the company directly. The price will depend on the number of users, whether it’s a single application, where it’s deployed, and any additional features you wish to use. You can request a demo.
privIQ is a piece of compliance software designed to support compliance with GDPR and 6 other data protection standards. The tool provides you with analysis capabilities to help run compliance assessments and data protection impact assessments to satisfy GDPR requirements. You can record your data processing activities and use data mapping exercises to manage risk factors and data breaches.
- Maps compliance to GDPR, LGPD, PDPA, POPIA, and KVKK
- Offers compliance readiness task tracking
- Includes best practices guides
You can manage your GDPR compliance strategy through the dashboard. You can create users, assign tasks with due dates, and view these on the dashboard. You could create tasks that correlate to processing activities. Users also receive notifications when due dates are approaching to make sure that they have completed the task. The dashboard helps your team to stay on top of IT assets.
There are four versions of privIQ available to purchase: Professional, Business, Business +, and Enterprise. The Professional version costs $58.20 (£45) per month for up to nine employees with two users. The Business version costs $116.46 (£90) per month for 10-50 employees and two users.
- Offers out-of-box reporting for faster compliance results
- Comes in four pricing packages, making it suitable for businesses of any size
- Great visual reports and flow charts help map complicated permission structures
- Web client can lag at times
The Business + version costs £145 per month for 51-250 employees with five users. The Enterprise version supports 250 plus employees and unlimited admins/users but you need to request a quote.
Netwrix Auditor is an auditing compliance platform that helps you to identify and protect GDPR data. Netwrix Auditor allows you to pinpoint the location of GDPR data right down to individual files and folders. Finding these files helps you to know which data you need to protect and where to find it in case of an emergency.
- Discovery and classification of sensitive data
- Data access logging
- Access rights controls
You can also implement access right controls to determine which users have permission to access individual files or folders. You can view reports that detail user access rights so you can see who has the necessary privileges to access what information, and whether permission was granted Directly or on a Group basis.
To monitor security risks Netwrix Auditor has a risk assessment function. You can run a risk assessment to find vulnerabilities in your identity and access settings. For example, you can view a summary of privacy risks such as User accounts with passwords not required and disabled computer accounts, alongside a Risk level.
- Easy to use interface
- Can automatically identify and map GDPR data
- Can edit permissions based on groups, individual users, or in bulk
- Risk level is calculated based on a number of variables detected during the scan
- Trial period could be longer
- Alerting needs improvement, more customization options
- Could use more self-help and guided training resources
If you’re looking for a tool to help you map out your data processing and identify potential vulnerabilities then Netwrix Auditor is worth investigating. However, you will have to request a quote from the company directly. You can download the 20-day free trial.
Wired Relations is a cloud service that offers compliance tools for GDPR, ISO 27001 / 27701 and other privacy programs. This system has a number of useful modules that include an eDiscovery tool and a data classification module. It also has a third-party risk management service built in.
- SaaS platform
- Discovers and classifies sensitive data
- Data mapping
- Assesses third-party risk
The eDiscovery system reaches out to supplier hosts, so you can map your data no matter where it is located. The location of each datastore is clearly flagged. This service is automated and continuous, so when new data locations arise, the Wired Relations system spots them.
The third-party assessment module includes a data processing agreement management system. This also notes the location of each supplier, which is very important for GDPR. The tool also includes a processing documentation guide, so you know exactly what your obligations are under GDPR.
The data mapping makes it easy to present a Register of Processing Activities when an organization is asked to document compliance.
Moreover, the system has an easy-to-use Task Manager making it easy to collaborate throughout your organization. With the task manager, you can drag-and-drop to-dos and controls.
- Operates as a cloud-based service, no complicated onboarding or installs
- Can automatically identify and classify data on your network to help aid in GDPR compliance
- Simple yet informative interface gives you a great overview of your compliance audit and current standing
- Can be set up for continuous scanning – great for long term use
- Would like to see a longer 30-day trial
The Wired Relations system is a subscription service with three editions. The Essentials plan includes all of the tools that you need for compliance. The Pro edition adds on controls management and a risk assessment module. The top plan, called Premium, has a lot more features, including data tagging. You can access a free demo.
Really Simple Systems is a CRM platform that has an inbuilt user consent collection feature for the GDPR. The marketing module enables the user to collect data handling consent from customers.
- CRM system
- Includes consent management
- Free version available
Mailing and Consent Lists keep a record of when consent was given and from what IP address the consent came. You can also allow customers to opt in to receiving marketing communications (which is required by the GDPR).
- Combination CRM that includes a GDPR consent function
- Templates allow you to easily create GDPR compliant opt-ins
- Great option for smaller businesses
- Lacks in-depth reporting for other compliance standards
- Not a great option if you’re already happy with a CRM system
There are four versions of Really Simple Systems: Free, Starter, Professional, and Enterprise. The Free version supports up to two users with 100 company records and 100 MB of document storage. The Starter version costs $14 (£9) per user per month, with 1,000 company records and 1GB of document storage.
The Professional version costs $30 (£20) per user per month, with 5,000 company records and 5GB document storage. The Enterprise version costs $46 (£32) per user per month with unlimited company records and document storage. You can sign up for a free trial.
Vigilant Software GDPR Manager is a basic GDPR compliance tool designed to help record compliance activity. The tool combines gap analysis, DSAR processes, data breach response, and third-party management features to comply with the requirements of European legislation. You can log personal data breaches and security events through the Breach report module.
- GDPR compliance assessor
- Breach detection and logging
- Compliance reporting
Vigilant Software GDPR Manager includes a Gap Analysis module that allows you to assess your level of GDPR compliance. By using the tool you can identify ways to improve your cybersecurity strategy and avoid non-compliant activities.
To enable you to respond to data subject access requests there is a DSAR module. The user can log access requests, making it easy to respond to requests within the two-month time limit imposed by the GDPR.
- Highly visual dashboard that is easy to customize
- Utilizes gap analysis to help identify remediation actions to reach GDPR compliance
- Has a built-in data access request feature, great for audited information sharing
- Can easily log and access breaches
- Can be complicated to set up
- Might be overkill for smaller businesses – designed for enterprise use
Vigilant Software GDPR Manager also integrates with four other Vigilant Software products, including vsRisk Cloud, Data Flow Mapping Tool, and Compliance Manager. The price of Vigilant Software GDPR Manager starts at $64.66 (£49.95) per month for a single user and $213.53 (£164.95) per month for multiple users. You can request a demo.
OneTrust is a risk, compliance, and privacy management software solution that can be used to keep records necessary to meet GDPR regulations. Features include data mapping, privacy impact assessments, and risk management capabilities. For example, you can create a Readiness Assessment to evaluate where your security measures stand in relation to the GDPR. Readiness assessments are customizable but there are also templates built by a community of privacy experts.
- Logs data access events
- Risk assessment
- Compliance reporting
Self-assessments can then be turned into reports in PDF format. Reports contain a color-coded Overall Readiness score and an Assessment Summary of Questions, Compliance Gaps, and more. Reports are great for evaluating your current data handling processes.
You can even build a data subject rights request portal. You can create a branded web form and link to it from your company’s site. You will then be notified automatically when a subject submits an access request. The request portals are extremely useful because they make sure that you can handle access requests promptly.
- Barebones interface keeps things simple and straightforward
- Self-assessments can easily be converted into reports to demonstrate compliance
- Comes with a prebuilt rights request portal
- Provides insights to reach compliance through gap analysis
- Would benefit from a longer 30-day trial
- Could use more preconfigured workflows and reports that work out of the box
- Alert customization can be confusing
If you require a tool for GDPR documentation and a general privacy management solution then OneTrust is worth evaluating. The price of OneTrust depends on the features you want to use and the size of your organization. You can request a 14-day free trial.
GDPR Compliance Software: Stay on Top of Data Access Requests
Using a GDPR compliance platform is a great way to eliminate any confusion and design a responsive data management strategy.
Whether that’s managing access rights with a tool like SolarWinds Access Rights Manager or managing data subject access requests through an online portal like OneTrust, there are plenty of options available to choose from. The best strategy is to find one that naturally integrates with your current compliance strategy.
GDPR Compliance FAQs
How does GDPR impact email campaigns?
GDPR governs the use of other people’s personal details and any email address that identifies a person is included in the definition. The key factor that influences email campaigns under GDPR is consent. That means you shouldn’t use bought contact lists unless the people on those lists have specifically agreed that their details can be passed on. If members of the public give you their email addresses in response to an offer for more information it is OK to send out relevant emails on the indicated topic to them.
How can I ensure GDPR compliance for my software development projects?
Use this checklist to ensure GDPR compliance on your software development project:
- Use a pseudonym: Keep real personal data in a separate area of storage or memory and process each person by that reference name rather than by actual identifiers – a username would work as a pseudonym.
- Create feedback channels: Include a feature in your app that enables users to request that all of their personal information is removed from the system. This should also allow them to demand that their data is transferred to another organization.
- Data breach tracking and reporting: Your system should be secure. However, you should also have procedures in place in case of unauthorized disclosure. You must inform users and law enforcement within 72 hours of a data breach. So, have data loss protection in place in your app and make sure it includes retrospective event auditing.
- Privacy by default: Default everything to be as anonymous as feasibly possible.
- Informed consent: Get the users to express consent to any data storage event – the consent can be a single action at the beginning of your relationship with them.
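The checklist above, and the consent record described for Really Simple Systems (time and source IP of each opt-in), can be put together in one small design. The following is an added example written for this article; it is not code from the original post or from any of the products reviewed, and every class, method and sample value in it is hypothetical. It keeps identifying data in a vault keyed by a random pseudonym, refuses to process records without an active consent, logs consent withdrawals and breach-relevant events in an audit trail that holds no PII, and implements both the export (portability) and erasure (right to be forgotten) requests from the checklist.

```python
"""Pseudonymised storage with consent records, erasure and export.

Added example, not from the original article or any reviewed product.
All names here (PersonalDataStore, ConsentRecord, demo) are hypothetical.
"""
from __future__ import annotations

import json
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass
class ConsentRecord:
    purpose: str
    given_at: str                     # ISO-8601 UTC timestamp
    source_ip: str                    # where the consent action came from
    withdrawn_at: Optional[str] = None


class PersonalDataStore:
    """Identifying data lives only in the vault, keyed by a random pseudonym.

    Application data (orders, mailing history, analytics) is keyed by the
    pseudonym, so deleting one vault entry breaks the link to the person.
    """

    def __init__(self) -> None:
        self._vault: dict[str, dict] = {}                   # pseudonym -> PII
        self._consents: dict[str, list[ConsentRecord]] = {}
        self._records: dict[str, list[dict]] = {}           # pseudonym -> app data
        self.audit_log: list[dict] = []                     # never contains PII

    @staticmethod
    def _now() -> str:
        return datetime.now(timezone.utc).isoformat()

    def _audit(self, event: str, pseudonym: str) -> None:
        self.audit_log.append({"at": self._now(), "event": event, "subject": pseudonym})

    def register(self, pii: dict, purpose: str, source_ip: str) -> str:
        """Store PII once, with informed consent, and hand back a pseudonym."""
        pseudonym = secrets.token_hex(16)  # random; not derived from the PII
        self._vault[pseudonym] = dict(pii)
        self._consents[pseudonym] = [ConsentRecord(purpose, self._now(), source_ip)]
        self._records[pseudonym] = []
        self._audit("register", pseudonym)
        return pseudonym

    def has_consent(self, pseudonym: str, purpose: str) -> bool:
        return any(c.purpose == purpose and c.withdrawn_at is None
                   for c in self._consents.get(pseudonym, []))

    def withdraw_consent(self, pseudonym: str, purpose: str) -> None:
        for c in self._consents.get(pseudonym, []):
            if c.purpose == purpose and c.withdrawn_at is None:
                c.withdrawn_at = self._now()
        self._audit("withdraw:" + purpose, pseudonym)

    def add_record(self, pseudonym: str, purpose: str, data: dict) -> None:
        """A processing step: refuses to run without an active consent."""
        if not self.has_consent(pseudonym, purpose):
            raise PermissionError(f"no active consent for {purpose}")
        self._records[pseudonym].append({"purpose": purpose, **data})

    def export(self, pseudonym: str) -> str:
        """Portability request: everything held about the subject, as JSON."""
        self._audit("export", pseudonym)
        return json.dumps({
            "identity": self._vault[pseudonym],
            "consents": [c.__dict__ for c in self._consents[pseudonym]],
            "records": self._records[pseudonym],
        }, indent=2)

    def erase(self, pseudonym: str) -> int:
        """Erasure request: drop PII, consents and app records; keep the audit entry."""
        self._vault.pop(pseudonym, None)
        self._consents.pop(pseudonym, None)
        removed = len(self._records.pop(pseudonym, []))
        self._audit("erase", pseudonym)
        return removed


def demo() -> dict:
    """Walk through register -> process -> export -> withdraw -> erase."""
    store = PersonalDataStore()
    # Constructed sample subject and IP (documentation range); not real data.
    p = store.register({"name": "A. Example", "email": "a@example.invalid"},
                       purpose="newsletter", source_ip="203.0.113.7")
    store.add_record(p, "newsletter", {"sent": "2024-01-01"})
    exported = json.loads(store.export(p))
    store.withdraw_consent(p, "newsletter")
    try:
        store.add_record(p, "newsletter", {"sent": "2024-02-01"})
        blocked = False
    except PermissionError:
        blocked = True
    removed = store.erase(p)
    return {"pseudonym": p, "exported_records": len(exported["records"]),
            "blocked_after_withdrawal": blocked, "removed": removed,
            "audit_events": [e["event"] for e in store.audit_log],
            "pii_left": p in store._vault}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The pseudonym is generated with `secrets.token_hex` rather than hashed from the email address so that it cannot be recomputed by anyone who knows the PII; the audit log records only pseudonyms and timestamps, which is what lets it survive an erasure request while still supporting the retrospective review the checklist asks for.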
Does GDPR only apply to electronic data?
The GDPR applies to all personal data which is processed by a business or organization. Non-personal data processed electronically is not included and personal data held on paper is included. However, paper-based records have to be in a structured format, so scribbled notes don’t count.
Where can I get GDPR compliance certification from?
There is a different governing body for GDPR in each country. Accredited GDPR auditors will be able to mediate your certification process.
Are Google Forms GDPR compliant?
Google Forms is just a data collection format and is not, in itself, compliant or non-compliant. What matters is what data you use Google Forms to gather and how you store that data.