Best GDPR Compliance Software

Remember the last time a company asked you for permission to hold your data? The chances are that it was because of the General Data Protection Regulation (GDPR). Even though the GDPR went into effect some years ago now, many companies are still coming to terms with its data handling requirements.

Here is our list of the eleven best GDPR compliance software packages:

  1. SolarWinds Access Rights Manager (FREE TRIAL) The reporting engine of this access rights monitor will help you prove GDPR compliance.
  2. ManageEngine EventLog Analyzer (FREE TRIAL) This SIEM tool not only searches for security breaches, but it also confirms the ongoing security of sensitive data, making it great for demonstrating GDPR compliance.
  3. ManageEngine Endpoint DLP Plus (FREE TRIAL) This sensitive data management package can be tailored to the needs of specific security standards, including GDPR. Available for Windows Server.
  4. Perimeter 81 (GET DEMO) This package of cloud-based security tools combines connection security and access rights management to protect hybrid systems.
  5. LogicGate A cloud-based risk compliance assessor that helps you keep within GDPR requirements.
  6. privIQ This is a compliance assessor that offers guidance on what system security weaknesses need to be fixed to comply with GDPR, LGPD, PDPA, POPIA and KVKK.
  7. Netwrix Auditor Perform risk assessment, identify sensitive data, and implement access rights controls with this attractive tool.
  8. Wired Relations A SaaS package of privacy management tools that supports compliance with GDPR.
  9. Really Simple Systems CRM system with a data collection consent feature. Available in free and paid versions.
  10. Vigilant Software GDPR Manager A system GDPR compliance assessor that includes a breach event logger.
  11. OneTrust A risk assessor that tracks privacy and compliance problems and the efforts to close them off.

The best GDPR compliance software

Before we look at the list it’s important to take note of the GDPR’s main provisions:

  • Companies require the consent of customers to process their data.
  • Companies need to have a legitimate reason to hold data on their customers.
  • Customers have the right to be forgotten (or the right to have their data destroyed).
  • Companies must notify customers after a data breach.
  • Certain companies must appoint a data protection officer to oversee GDPR compliance.

These provisions apply to any company that holds data on EU citizens. Complying with these privacy regulations can be tricky, but a management software platform can make the process much easier. There is a range of GDPR compliance software platforms that allow you to access data, manage policies, and view data handling processes through one interface (which is particularly useful when responding to data breaches).

What should you look for in GDPR compliance software? 

We reviewed the market for GDPR compliance systems and analyzed the options based on the following criteria:

  • A package that can provide compliance auditing
  • A service that will prevent abuse of PII
  • Controls over file activity
  • Scanning for data movements
  • Services that can also impose controls for other data privacy standards
  • A free trial or demo version for a no-obligation assessment
  • Value for money in a tool that also provides complete compliance coverage

We used these selection criteria as guidelines in our assessment of compliance tools while also looking for a mix of cloud-based and on-premises solutions.

1. SolarWinds Access Rights Manager (FREE TRIAL)


SolarWinds Access Rights Manager is a user access monitoring tool that can be used to demonstrate GDPR compliance. SolarWinds Access Rights Manager monitors user access to personal data. The user can automate the provisioning and de-provisioning of user accounts to control who has access to sensitive information.

Key features:

  • Offers GDPR compliance in access controls
  • Audits Active Directory
  • Assists in AD management
  • Unifies and standardizes the management of multiple AD instances
  • Produces compliance reports

Why do we recommend it?

SolarWinds Access Rights Manager supplies the user access control reports needed to prove GDPR compliance. This system will improve your usage of Active Directory by providing a better front end that enables you to identify abandoned accounts and implement stronger password policies. These tools reinforce data and system security in general and they are specifically required to get GDPR certified. This package can also be used for compliance with PCI DSS, HIPAA, and CCPA.

The platform scans user accounts and identifies insecure configurations that could be exploited by a bad actor. After identifying an insecure account, SolarWinds Access Rights Manager creates an alert so that a human user can begin remediation. Alerts help you respond more effectively when customer data is at risk, which supports GDPR compliance.

To help you with auditing, SolarWinds Access Rights Manager has reports. You can develop on-demand reports for Microsoft Exchange, SharePoint, permissions, and other assets to verify their safety. Having an audit trail helps show that your GDPR security controls are successfully protecting customer data.

Who is it recommended for?

Improving controls over Active Directory is a necessary function for any system manager that uses Microsoft and Windows-based software. So, any business would benefit from improving its management of AD with this tool. In addition, the ability to coordinate user accounts and permissions across the organization through better visibility of trees and forests makes system management easier, and this SolarWinds tool enables that synchronization.

Pros:

  • Can be used to quickly demonstrate GDPR compliance as well as adherence to other standards such as PCI-DSS and HIPAA
  • Pre-configured reports make it easy to demonstrate compliance
  • Any compliance issues are outlined after the scan and paired with remediation actions
  • Sysadmins can customize access rights and controls in Windows and other applications

Cons:

  • In-depth platform designed for sysadmins, which may take time to learn fully

If you’re looking to monitor user access and satisfy GDPR reporting requirements then SolarWinds Access Rights Manager is very useful. SolarWinds Access Rights Manager starts at a price of $3,444 (£2,615). You can download the 30-day free trial.


2. ManageEngine EventLog Analyzer (FREE TRIAL)


ManageEngine EventLog Analyzer is a log analysis tool that can be used to comply with GDPR requirements. With ManageEngine EventLog Analyzer you can collect and analyze log data from across your network. Log management allows you to verify that the devices in your network are secure.

Key features:

  • System security monitoring
  • Logs security measures for compliance
  • Stores event logs for compliance auditing

Why do we recommend it?

ManageEngine EventLog Analyzer collects log messages from across an organization, consolidates them, files them, and analyzes them for threats. The management of logs is a vital requirement for GDPR and other data protection standards, such as SOX, HIPAA, and PCI DSS. This is because log files expose breaches, and securing those logs against tampering means a business cannot quietly erase the evidence and must declare a security breach. So, compliance auditing is vital for certification, and EventLog Analyzer provides this audit trail and includes out-of-the-box compliance reporting.

There are also compliance audit reports to help you develop a record of risks. There are compliance reports compatible with PCI DSS, FISMA, GLBA, SOX, HIPAA, ISO 27001 that can also be used with the GDPR. These reports can be scheduled so that you periodically view security risks.

Who is it recommended for?

All businesses that need to comply with GDPR will have to provide log auditing utilities, so this tool is essential for all such businesses. The tool is very comprehensive and offered in three editions, which makes it accessible to businesses of all sizes. Small businesses that are a little too big for the Free edition, which collects logs from five sources, might find the Premium edition a little pricey. The package runs on Windows Server and Linux.

Pros:

  • Customizable dashboards that work great for network operation centers
  • Multiple alert channels ensure teams are notified across SMS, email, or app integration
  • Supports major compliance standards such as GDPR, PCI-DSS, FISMA, SOX, and HIPAA
  • Supports file integrity monitoring that can act as an early warning system for ransomware, data theft, and permission access issues.
  • Forensic log audit features enable admins to create reports for legal cases or investigations.

Cons:

  • Part of a larger monitoring platform, so it takes time to explore the tool and its uses fully

There are three editions of ManageEngine EventLog Analyzer: Free Edition, Premium, and Distributed. The Free Edition supports up to five log sources with compliance reports free of charge. The Premium edition starts at $595 (£459.99) per year with support for 10-1000 log sources and log forensic analysis.

The Distributed edition starts at $2,495 (£1,928) with support for 50-unlimited log sources with distributed central-collector architecture. You can download a 30-day free trial.


3. ManageEngine Endpoint DLP Plus (FREE TRIAL)


ManageEngine Endpoint DLP Plus operates its data protection system through security policies. You need to set up a data control policy within the console and this task is facilitated by a library of templates. Select a template that offers presets for specific standards, such as GDPR.

Key features:

  • Tailored security policies
  • GDPR Compliance
  • Data protection

Why do we recommend it?

ManageEngine Endpoint DLP Plus is a comprehensive package that implements data discovery and classification and then implements data access controls in line with a stated data protection standard. GDPR is among the options that can be specified in the settings for this tool and that will automatically calibrate the system for GDPR compliance.

Once the policy has been defined, the package will search all endpoints connected to the network and scan for data that is defined as sensitive by your chosen policy. The tool is able to spot data that is split across documents and that, when read together, constitutes sensitive data. It can also scan images with OCR. The system then categorizes each data instance, which enables different types of data to be managed in different ways.

Data protection measures include user monitoring to identify insider threats and controls over data movements. Sites that permit BYOD can use a data containerization utility in the package, which keeps corporate data away from the operating systems of user-owned devices. Controls extend to data movement to cloud platforms, onto USBs, and through emails.

Who is it recommended for?

This tool is actually a bundle and it includes the DataSecurity Plus tool, which performs the discovery and classification function. The service is good for any size of business and the Free edition for small businesses will manage data on 25 endpoints, which is a generous allowance. Multi-site businesses are also catered for. The on-premises software package is only available for Windows Server.

Pros:

  • The option to designate trusted applications for data processing
  • Security for data access from user-owned devices
  • Sensitive data movement controls
  • Insider threat detection

Cons:

  • No cloud version

ManageEngine Endpoint DLP Plus runs on Windows Server. There is a Free edition of the software that is limited to monitoring 25 endpoints. The full edition is called Professional and it will manage all of the endpoints on a network. The package can be extended to monitor multiple sites from one console. You can assess the software on a 30-day free trial.


4. Perimeter 81 (GET DEMO)


Perimeter 81 provides system security and activity tracking that can be tied into compliance reporting for GDPR. The protection of data requires constant monitoring, and just saying that you have security in place is not good enough. That’s why you need to log the activities of users with respect to data access and also log the responses of your security software. Perimeter 81 provides these records, which count toward your compliance auditing and reporting.

Key features:

  • Protects data stores
  • Controls access to applications
  • Secures connections

Perimeter 81 doesn’t include a sensitive data discovery tool, so you would need to use a third-party tool to locate data stores that need extra protection. However, once you have located those data files, you can choose to centralize their storage and protect that location with file integrity monitoring by applying security policies in the Perimeter 81 console.

Access controls in the user access app let you block or permit access to specific directories on your file storage system, whether it is located on your servers or in the cloud. Use CASB and firewall security policies to implement data loss prevention. Activity tracking is the final piece in the puzzle because it allows you to identify which user had access to which files and when.

Pros:

  • Implements connection encryption and access blocks via VPNs
  • Blocks users from even knowing of the existence of resources to which they are not permitted access
  • Provides DLP through cloud-based security policies and firewalling
  • Integrates access rights management into connection security

Cons:

  • No sensitive data discovery tool

The Perimeter 81 platform is charged for by subscription with four plans – each successively pricier plan has more features. The cheapest plan, called Essentials, costs $8 per user plus $40 per site each month. You can get a demo of the Perimeter 81 system to understand its capabilities.


5. LogicGate


LogicGate is a web-based automated risk compliance solution that satisfies many requirements of the GDPR. Through the LogicGate portal customers can launch a Data Access Request, Data Correction Request, Data Portability Request, and Data Removal Request. You can use the platform to respond to access requests and make sure that you’re not breaching the GDPR.

Key features:

  • A SaaS platform
  • Risk assessment for GDPR
  • Serves DSARs (Data Subject Access Requests)

Why do we recommend it?

LogicGate is a governance, risk management, and compliance (GRC) platform and it can be tailored to identify problems and goals in your company’s compliance journey. This package is particularly useful for dealing with the breach notification process and managing the obligations to respond to inquiries from members of the public about the data that is being held about them.

In the event of a breach, you can use the breach response process to respond within 72 hours. There are automated alerts to notify the authorities when you’ve discovered a breach. Being able to identify and respond to breaches promptly makes sure that you’re doing everything necessary to protect customer privacy.

More generally you can use the Data Processing Activity Records module to outline how your company processes personal data. You can build an asset inventory, which shows the relationships between different systems so you know exactly what risk factors customer data is exposed to.

Who is it recommended for?

Any business that has to comply with GDPR is going to need a DSAR management tool, so this package is essential for that function alone. However, the importance of LogicGate extends to its risk assessment and breach reporting services as well. Small businesses will struggle with the requirements of GDPR and, although it promotes the management of PII, LogicGate doesn’t really remove the time-consuming tasks of GDPR compliance.

Pros:

  • Supports GDPR as well as other popular compliance standards
  • Features a customer portal where third parties can make data requests in a secure and auditable way
  • Automated alerts can keep teams informed of compliance issues as well as breaches
  • A sysadmin can build their own asset inventories and apply custom permissions based on their needs

Cons:

  • Pricing is not transparent
  • Must contact sales for a demo, no free download

To view a quote for LogicGate you will have to contact the company directly. The price will depend on the number of users, whether it’s a single application, where it’s deployed, and any additional features you wish to use. You can request a demo.

6. privIQ


privIQ is a piece of compliance software designed to help you comply with GDPR and 6 other data protection standards. The tool provides you with analysis capabilities to help run compliance assessments and data protection impact assessments to satisfy GDPR requirements. You can record your data processing activities and use data mapping exercises to manage risk factors and data breaches.

Key features:

  • Maps compliance to GDPR, LGPD, PDPA, POPIA, and KVKK
  • Offers compliance readiness task tracking
  • Includes best practices guides

Why do we recommend it?

The privIQ package caters to a number of data security standards, not just GDPR. This tool is good for getting the business fit for GDPR. It assesses your system, identifies security weaknesses, locates GDPR-qualifying data, and provides a road map to sorting out confidentiality issues. The change management project planning and tracking feature in the package is probably the most useful tool in the privIQ system.

You can manage your GDPR compliance strategy through the dashboard. You can create users, assign tasks with due dates, and view these on the dashboard. You could create tasks that correlate to processing activities. Users also receive notifications when due dates are approaching to make sure that they have completed the task. The dashboard helps your team to stay on top of IT assets.

There are four versions of privIQ available to purchase: Professional, Business, Business +, and Enterprise. The Professional version costs $58.20 (£45) per month for up to nine employees with two users. The Business version costs $116.46 (£90) per month for 10-50 employees and two users.

Who is it recommended for?

Small businesses are going to have the most difficulty when implementing GDPR compliance and privIQ is a good option for this category of enterprise because there is an edition of the platform tailored to their requirements. Finding the time and the budget to fix all of the issues that need to be sorted out to gain compliance can be overwhelming for small businesses that have little spare capacity, so the guidelines and plans that privIQ provides are a great help. Mid-sized and large businesses also have suitably sized editions of privIQ available to them.

Pros:

  • Offers out-of-box reporting for faster compliance results
  • Comes in four pricing packages, making it ideal for any size businesses
  • Great visual reports and flow charts help map complicated permission structures

Cons:

  • Web client can lag at times

The Business + version costs £145 per month for 51-250 employees with five users. The Enterprise version supports 250 plus employees and unlimited admins/users but you need to request a quote.

7. Netwrix Auditor


Netwrix Auditor is an auditing compliance platform that helps you to identify and protect GDPR data. Netwrix Auditor allows you to pinpoint the location of GDPR data right down to individual files and folders. Finding these files helps you to know which data you need to protect and where to find it in case of an emergency.

Key features:

  • Discovery and classification of sensitive data
  • Data access logging
  • Access rights controls

Why do we recommend it?

Netwrix Auditor is a compliance management platform. It alters its parameters automatically when you specify which data security standard you are following. The tool identifies the locations of sensitive data and promotes clean user account records in Active Directory to tighten up access controls. The tool, as the name suggests, also provides system security auditing, which results in recommendations for improvements and actual compliance reporting once you have hit the requirements target.

You can also implement access rights controls to determine which users have permission to access individual files or folders. You can view reports that detail user access rights so you can see who has the necessary privileges to access what information, and whether permission was granted directly or on a group basis.

To monitor security risks, Netwrix Auditor has a risk assessment function. You can run a risk assessment to find vulnerabilities in your identity and access settings. For example, you can view a summary of privacy risks, such as user accounts with no password required and disabled computer accounts, alongside a risk level.

Who is it recommended for?

Netwrix Auditor makes security tightening for compliance with GDPR an easy project, thanks to extensive scanning, recommendations, and guidance. However, this package is probably a bit too much for small businesses that would be able to manage issues such as abandoned accounts with manual checks. All other sizes of businesses would benefit from the Netwrix system.

Pros:

  • Easy-to-use interface
  • Can automatically identify and map GDPR data
  • Can edit permissions based on groups, individual users, or in bulk
  • Risk level is calculated based on a number of variables detected during the scan

Cons:

  • Trial period could be longer
  • Alerting needs improvement, more customization options
  • Could use more self-help and guided training resources

If you’re looking for a tool to help you map out your data processing and identify potential vulnerabilities then Netwrix Auditor is worth investigating. However, you will have to request a quote from the company directly. You can download the 20-day free trial.

8. Wired Relations


Wired Relations is a cloud service that offers compliance tools for GDPR, ISO 27001 / 27701 and other privacy programs. This system has a number of useful modules, including an eDiscovery tool and a data classification module. It also has a third-party risk management service built in.

Key features:

  • SaaS platform
  • Discovers and classifies sensitive data
  • Data mapping
  • Assesses third-party risk

Why do we recommend it?

Wired Relations is a great tool for collaboration over compliance issues. With this system, teams can communicate, plan, track, and report on tasks to get compliant with GDPR and maintain a good data governance strategy. The system helps businesses that are new to GDPR get up to speed and identify responsible officers within each department to ensure that data governance is set up and complied with.

The eDiscovery system reaches out to supplier hosts, so you can map your data no matter where it is located. The location of each datastore is clearly flagged. This service is automated and continuous, so when new data locations arise, the Wired Relations system spots them.

The third-party assessment module includes a data processing agreement management system. This also notes the location of each supplier, which is very important for GDPR. The tool also includes a processing documentation guide, so you know exactly what your obligations are under GDPR.

The data mapping makes it easy to present a Register of Processing Activities when an organization is asked to document compliance.

Moreover, the system has an easy-to-use Task Manager making it easy to collaborate throughout your organization. With the task manager, you can drag-and-drop to-dos and controls.

Who is it recommended for?

This collaboration and task-tracking service is ideal for mid-sized businesses that are tackling compliance issues without the assistance of an expensive consultancy. Small businesses with few workers won’t need the mediation of technology to communicate plans. Large businesses have the money and resources to go big with projects. So, this tool is for all of the enterprises in between those two extremes.

Pros:

  • Operates as a cloud-based service, no complicated onboarding or installs
  • Can automatically identify and classify data on your network to help aid in GDPR compliance
  • Simple yet informative interface gives you a great overlook of your compliance audit and current standing
  • Can be set up for continuous scanning – great for long term use

Cons:

  • Would like to see a longer 30-day trial

The Wired Relations system is a subscription service with three editions. The Essentials Pro plan includes all of the tools that you need for compliance. The Pro edition adds on controls management and a risk assessment module. The top plan, called Premium, has a lot more features, including data tagging. You can access a free demo.

9. Really Simple Systems


Really Simple Systems is a CRM platform that has an inbuilt user consent collection feature for the GDPR. The marketing module enables the user to collect data handling consent from customers.

Key features:

  • CRM system
  • Includes consent management
  • Free version available

Why do we recommend it?

Really Simple Systems isn’t a GRC platform; instead, it is a marketing tool that keeps within GDPR requirements for managing the personal data of members of the public. GDPR doesn’t ban the management of data about business contacts. It is specifically concerned with the storage of personal information about members of the public. As the PII definition includes email addresses, the implementation of GDPR caused a real headache for email marketers. This tool addresses these problems by gaining consent for PII storage and usage up front.

Mailing and Consent Lists keep a record of when consent was given and from which IP address the consent came. You can also allow customers to opt in to receiving marketing communications (which is required by the GDPR).
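Two points in this review come together in a small piece of code: a consent record needs to capture when consent was given and from which IP address (as the Mailing and Consent Lists above do), and, as noted in the EventLog Analyzer review, evidence logs are only worth anything if they are secured against tampering. The example below is an added illustration written for this page; it is not code from Really Simple Systems, ManageEngine, or any other product reviewed here. It stores consent and withdrawal events in a SHA-256 hash chain so that editing, reordering, or deleting an earlier record is detected on verification. The subject identifiers and IP addresses are constructed sample values (the IPs come from documentation ranges), and `ConsentLedger`, `ConsentRecord`, and `demo` are names chosen for this example.

```python
"""Tamper-evident consent ledger.

Added example for this page, not part of any reviewed product. Each record stores
who consented, to what, when, and from which IP address. Records are chained with
SHA-256 so that altering or removing an earlier entry breaks the chain.
"""
import hashlib
import json
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone
from typing import List, Optional

GENESIS_HASH = "0" * 64  # prev_hash of the very first record


@dataclass
class ConsentRecord:
    subject_id: str    # pseudonymous identifier, not the raw email address
    purpose: str       # e.g. "marketing_email"
    granted: bool      # True for opt-in, False for withdrawal
    timestamp: str     # ISO-8601 UTC, when the form was submitted
    source_ip: str     # IP address the consent form was submitted from
    prev_hash: str     # hash of the preceding record (or GENESIS_HASH)
    record_hash: str = field(default="")


def _canonical(payload: dict) -> bytes:
    # Deterministic JSON so the same record always hashes the same way
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def compute_hash(record: ConsentRecord) -> str:
    body = asdict(record)
    body.pop("record_hash")  # the hash covers everything except itself
    return hashlib.sha256(_canonical(body)).hexdigest()


class ConsentLedger:
    def __init__(self) -> None:
        self.records: List[ConsentRecord] = []

    def append(self, subject_id: str, purpose: str, granted: bool,
               source_ip: str, timestamp: Optional[str] = None) -> ConsentRecord:
        ts = timestamp or datetime.now(timezone.utc).isoformat()
        prev = self.records[-1].record_hash if self.records else GENESIS_HASH
        rec = ConsentRecord(subject_id, purpose, granted, ts, source_ip, prev)
        rec.record_hash = compute_hash(rec)
        self.records.append(rec)
        return rec

    def verify(self) -> Optional[int]:
        """Return the index of the first bad record, or None if the chain is intact."""
        prev = GENESIS_HASH
        for i, rec in enumerate(self.records):
            if rec.prev_hash != prev or compute_hash(rec) != rec.record_hash:
                return i
            prev = rec.record_hash
        return None

    def current_consent(self, subject_id: str, purpose: str) -> bool:
        """The latest decision for a subject/purpose wins, so a withdrawal is honoured."""
        state = False
        for rec in self.records:
            if rec.subject_id == subject_id and rec.purpose == purpose:
                state = rec.granted
        return state


def demo():
    ledger = ConsentLedger()
    # Constructed sample events: two opt-ins, then subject 0001 withdraws
    ledger.append("subj-0001", "marketing_email", True, "203.0.113.10", "2024-03-01T09:15:00+00:00")
    ledger.append("subj-0002", "marketing_email", True, "198.51.100.7", "2024-03-01T09:16:30+00:00")
    ledger.append("subj-0001", "marketing_email", False, "203.0.113.10", "2024-04-02T14:00:00+00:00")
    intact = ledger.verify() is None
    consent_1 = ledger.current_consent("subj-0001", "marketing_email")
    consent_2 = ledger.current_consent("subj-0002", "marketing_email")
    # Simulate tampering: the withdrawal is silently flipped back to an opt-in
    ledger.records[2].granted = True
    tampered_at = ledger.verify()
    return intact, consent_1, consent_2, tampered_at


if __name__ == "__main__":
    print(demo())
```

The chain only detects tampering; it does not prevent it. In practice the latest `record_hash` is periodically written somewhere the application cannot modify (a write-once store or a separate audit system), so that a complete rewrite of the ledger is also caught.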

Who is it recommended for?

This system is particularly useful for businesses that maintain contact with members of the general public with the intention of reminding those potential customers of the business’s existence. Targeted marketing requires intel on details about potential customers, and storing that kind of data, or worse, analyzing it, can get you into big trouble. Really Simple Systems writes up a consent form that gives you permission to carry out your marketing activities and records responses in case of later disputes.

Pros:

  • Combination CRM that includes a GDPR consent function
  • Templates allow you to easily create GDPR compliant opt-ins
  • Great option for smaller businesses

Cons:

  • Lacks in-depth reporting for other compliance standards
  • Not a great option if you’re already happy with a CRM system

There are four versions of Really Simple Systems: Free, Starter, Professional, and Enterprise. The Free version supports up to two users with 100 company records and 100 MB of document storage. The Starter version costs $14 (£9) per user per month, with 1,000 company records and 1GB of document storage.

The Professional version costs $30 (£20) per user per month, with 5,000 company records and 5GB document storage. The Enterprise version costs $46 (£32) per user per month with unlimited company records and document storage. You can sign up for a free trial.

10. Vigilant Software GDPR Manager


Vigilant Software GDPR Manager is a basic GDPR compliance tool designed to help record compliance activity. The tool combines gap analysis, DSAR processes, data breach response, and third-party management features to comply with the requirements of European legislation. You can log personal data breaches and security events through the Breach report module.

Key features:

  • GDPR compliance assessor
  • Breach detection and logging
  • Compliance reporting

Why do we recommend it?

Unfortunately, GDPR compliance is complicated and there are too many dos and don’ts to keep in your head. The Vigilant Software GDPR Manager simplifies these complexities by identifying where your procedures need to be tightened and it will also manage the paperwork for issues such as breach reporting and DSAR processing. The tool can only help you once you have set it up to properly define your business, so it can take a lot of time to get up and running.

Vigilant Software GDPR Manager includes a Gap Analysis module that allows you to assess your level of GDPR compliance. By using the tool you can identify ways to improve your cybersecurity strategy and avoid non-compliant activities.

To enable you to respond to data subject access requests there is a DSAR module. The user can log access requests making it easy to respond to requests within the two months’ time limit imposed by the GDPR.

Who is it recommended for?

This tool is probably too much for small businesses to manage but just about right for mid-sized enterprises. The system can help support a compliance manager who doesn’t have any assistance from a department to run compliance.

Pros:

  • Highly visual dashboard that is easy to customize
  • Utilizes gap analysis to help identify remediation actions to reach GDPR compliance
  • Has a built-in data access request feature, great for audited information sharing
  • Can easily log and access breaches

Cons:

  • Can be complicated to set up
  • Might be overkill for smaller businesses – designed for enterprise use

Vigilant Software GDPR Manager also integrates with four other Vigilant Software products, including vsRisk Cloud, Data Flow Mapping Tool, and Compliance Manager. The price of Vigilant Software GDPR Manager starts at $64.66 (£49.95) per month for a single user and $213.53 (£164.95) per month for a multi-user license. You can request a demo.

11. OneTrust


OneTrust is a risk, compliance, and privacy management software solution that can be used to keep records necessary to meet GDPR regulations. Features include data mapping, privacy impact assessments, and risk management capabilities. For example, you can create a Readiness Assessment to evaluate where your security measures stand in relation to the GDPR. Readiness assessments are customizable but there are also templates built by a community of privacy experts.

Key features:

  • Logs data access events
  • Risk assessment
  • Compliance reporting

Why do we recommend it?

OneTrust is a cloud-based compliance system with different flavors that cater to different standards. It has a tailored package for GDPR compliance. This is a big system and, although it includes automation, it is aimed at businesses with so many departments that a single GRC officer cannot coordinate them. The service supports the many roles that need to get involved in ensuring GDPR compliance. These will be people placed in different sections of the business, such as purchasing, accounting, IT security, and IT operations.

Self-assessments can then be turned into reports in PDF format. Reports contain a color-coded Overall Readiness score and an Assessment Summary of Questions, Compliance Gaps, and more. Reports are great for evaluating your current data handling processes.

You can even build a data subject rights request portal. You can create a branded web form and link to it from your company’s site. You will then be notified automatically when a subject submits an access request. The request portal is extremely useful because it makes sure that you can handle access requests promptly.

Who is it recommended for?

This is a system for large businesses with people who are physically too far apart to regularly get together in person. The service will coordinate the efforts of a dispersed team who have a collective responsibility to ensure GDPR compliance.

Pros:

  • Barebones interface keeps things simple and straightforward
  • Self-assessments can easily be converted into reports to demonstrate compliance
  • Comes with a prebuilt rights request portal
  • Provides insights to reach compliance through gap analysis

Cons:

  • Would benefit from a longer, 30-day trial
  • Could use more preconfigured workflows and reports that work out of the box
  • Alert customization can be confusing

If you require a tool for GDPR documentation and a general privacy management solution then OneTrust is worth evaluating. The price of OneTrust depends on the features you want to use and the size of your organization. You can request a 14-day free trial.

GDPR Compliance Software: Stay on Top of Data Access Requests

Using a GDPR compliance platform is a great way to eliminate any confusion and design a responsive data management strategy.

Whether that’s managing access rights with a tool like SolarWinds Access Rights Manager or managing data subject access requests through an online portal like OneTrust, there are plenty of options available to choose from. The best strategy is to find one that naturally integrates with your current compliance strategy.

GDPR Compliance FAQs

How does GDPR impact email campaigns?

GDPR governs the use of other people’s personal details, and any email address that identifies a person is included in that definition. The key factor that influences email campaigns under GDPR is consent. That means you shouldn’t use bought contact lists unless the people on those lists have specifically agreed that their details can be passed on. If members of the public give you their email addresses in response to an offer for more information, it is OK to send them relevant emails on the indicated topic.

How can I ensure GDPR compliance for my software development projects?

Use this checklist to ensure GDPR compliance on your software development project:

  • Use a pseudonym: Keep real personal data in a separate area of storage or memory and process each person by that reference name rather than by actual identifiers – a username would work as a pseudonym.
  • Create feedback channels: Include a feature in your app that enables users to request that all of their personal information is removed from the system. This should also allow them to demand that their data is transferred to another organization.
  • Data breach tracking and reporting: Your system should be secure. However, you should also have procedures in place in case of unauthorized disclosure. You must inform users and law enforcement within 72 hours of a data breach. So, have data loss protection in place in your app and make sure it includes retrospective event auditing.
  • Privacy by default: Default everything to be as anonymous as feasibly possible.
  • Informed consent: Get the users to express consent to any data storage event – the consent can be a single action at the beginning of your relationship with them.
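As an added example that is not part of the original article, the Python sketch below shows how the pseudonym, feedback-channel, privacy-by-default and consent items of this checklist fit together in code: real personal data lives in one isolated store, business records are keyed only by a pseudonym, nothing is stored without consent, and erasure and portability requests are served from that store. All class and function names are hypothetical, and the key and e-mail addresses are constructed for the demo.

```python
import hashlib
import hmac
from datetime import datetime, timezone

class PseudonymVault:
    """Holds real personal data in one isolated store; the rest of the app sees only pseudonyms."""
    def __init__(self, secret: bytes):
        self._secret = secret       # constructed demo key; keep it apart from the main database in practice
        self._identities = {}       # pseudonym -> real personal data (the separate storage area)
        self._consent = {}          # pseudonym -> timestamp of the single consent action

    def pseudonym_for(self, email: str) -> str:
        # Keyed hash: stable for the same person, but not reversible without the secret
        digest = hmac.new(self._secret, email.strip().lower().encode(), hashlib.sha256)
        return digest.hexdigest()[:16]

    def register(self, email: str, name: str, consent_given: bool = False):
        # Privacy by default: nothing is stored unless the user expressly consented
        if not consent_given:
            return None
        pseudonym = self.pseudonym_for(email)
        self._identities[pseudonym] = {"email": email, "name": name}
        self._consent[pseudonym] = datetime.now(timezone.utc).isoformat()
        return pseudonym

    def export(self, pseudonym: str):
        # Portability request: everything held on the person, ready for json.dumps()
        if pseudonym not in self._identities:
            return None
        return {"pseudonym": pseudonym,
                "personal_data": dict(self._identities[pseudonym]),
                "consent_given_at": self._consent[pseudonym]}

    def erase(self, pseudonym: str) -> bool:
        # Erasure request: once the vault entry is gone, records elsewhere can no longer be linked to a person
        existed = self._identities.pop(pseudonym, None) is not None
        self._consent.pop(pseudonym, None)
        return existed

class OrderLog:
    """Business data kept outside the vault, keyed by pseudonym only."""
    def __init__(self):
        self.events = []

    def record(self, pseudonym: str, amount: float) -> None:
        self.events.append({"who": pseudonym, "amount": amount})

    def total_for(self, pseudonym: str) -> float:
        return sum(e["amount"] for e in self.events if e["who"] == pseudonym)
```

After an erasure the order log still holds its figures, but the pseudonym in it no longer resolves to anyone, which is the property the checklist's first item is after.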

Does GDPR only apply to electronic data?

The GDPR applies to all personal data which is processed by a business or organization. Non-personal data processed electronically is not included and personal data held on paper is included. However, paper-based records have to be in a structured format, so scribbled notes don’t count.

Where can I get GDPR compliance certification from?

There is a different governing body for GDPR in each country. Accredited GDPR auditors will be able to mediate your certification process.

Are Google Forms GDPR compliant?

Google Forms is just a data collection format, so in itself it is neither compliant nor non-compliant. What matters is what data you use Google Forms to gather and how you store that data.