The Best GDPR Compliance Software

Remember the last time a company asked you for permission to hold your data? The chances are that it was because of the General Data Protection Regulation (GDPR), or GDPR. Even though the GDPR went into effect some years ago now, many companies are still coming to terms with the new data handling requirements.

Here is our list of the best GDPR compliance software:

  1. SolarWinds Access Rights Manager (FREE TRIAL) The reporting engine of this access rights monitor will help you prove GDPR compliance. Start a 30-day free trial.
  2. ManageEngine EventLog Analyzer (FREE TRIAL) This SIEM tool not only searches for security breaches, but it also confirms the ongoing security of sensitive data, making it great for demonstrating GDPR compliance. Start a 30-day free trial.
  3. ManageEngine Endpoint DLP Plus (FREE TRIAL) This sensitive data management package can be tailored to the needs of specific security standards, including GDPR. Available for Windows Server. Start a 30-day free trial.
  4. Perimeter 81 (GET DEMO) This package of cloud-based security tools combines connection security and access rights management to protect hybrid systems. Get a demo.
  5. LogicGate A cloud-based risk compliance assessor that helps you keep within GDPR requirements.
  6. privIQ This is a compliance assessor that offers guidance on what system security weaknesses need to be fixed to comply with GDPR, LGPD, PDPA, POPIA, and KVKK.
  7. Netwrix Auditor Perform risk assessment, identify sensitive data, and implement access rights controls with this attractive tool.
  8. Wired Relations A SaaS package of privacy management tools that supports compliance with GDPR.
  9. Really Simple Systems CRM system with a data collection consent feature. Available in free and paid versions.
  10. Vigilant Software GDPR Manager A system GDPR compliance assessor that includes a breach event logger.
  11. OneTrust A risk assessor that tracks privacy and compliance problems and the efforts to close them off.

The Βest GDPR Compliance Software

Before we look at the list it’s important to take note of the GDPR’s main provisions:

  • Companies require the consent of customers to process their data.
  • Companies need to have a legitimate reason to hold data on their customers.
  • Customers have the right to be forgotten (or the right to have their data destroyed).
  • Companies must notify customers after a data breach.
  • Certain companies must appoint a data protection officer to oversee GDPR compliance.

These provisions apply to any company that holds data on EU citizens. Complying with these privacy regulations can be tricky, but a management software platform can make the process much easier. There is a range of GDPR compliance software platforms that allow you to access data, manage policies, and view data handling processes through one interface (which is particularly useful when responding to data breaches).

What should you look for in GDPR compliance software? 

We reviewed the market for GDPR compliance systems and analyzed the options based on the following criteria:

  • A package that can provide compliance auditing
  • A service that will prevent abuse of PII
  • Controls over file activity
  • Scanning for data movements
  • Services that can also impose controls for other data privacy standards
  • A free trial or demo version for a no-obligation assessment
  • Value for money in a tool that also provides complete compliance coverage

We used these selection criteria as guidelines in our assessment of compliance tools while also looking for a mix of cloud-based and on-premises solutions.

1. SolarWinds Access Rights Manager (FREE TRIAL)

SolarWinds access rights manager

SolarWinds Access Rights Manager is a user access monitoring tool that can be used to demonstrate GDPR compliance. SolarWinds Access Rights Manager monitors user access to personal data. The user can automate the provisioning and de-provisioning of user accounts to control who has access to sensitive information.

Key Features:

  • GDPR-Ready Access Controls: Provides tools to ensure access controls meet GDPR compliance standards.
  • Active Directory Audits: Offers comprehensive auditing capabilities for Active Directory, enhancing security.
  • AD Management Aid: Assists in the streamlined management of Active Directory for improved efficiency.
  • Unified AD Management: Simplifies the coordination of multiple Active Directory instances for consistent control.
  • Compliance Reporting: Generates detailed reports for compliance with GDPR, PCI DSS, HIPAA, and CCPA.

Why do we recommend it?

SolarWinds Access Rights Manager supplies the user access control reports needed to prove GDPR compliance. This system will improve your usage of Active Directory by providing a better front end that enables you to identify abandoned accounts and implement stronger password policies. These tools reinforce data and system security in general and they are specifically required to get GDPR certified. This package can also be used for compliance with PCI DSS, HIPAA, and CCPA.

The platform scans user accounts and identifies insecure configurations (that could be exploited by a bad actor). After identifying an insecure account, SolarWinds Access Rights Manager creates an alert so that a human user can begin remediation. Alerts help to respond more effectively if there is a risk to customer data and complies with GDPR regulations.

To help you with auditing, SolarWinds Access Rights Manager has reports. You can develop on-demand reports for Microsoft Exchange, SharePoint, permissions, and other assets to verify their safety. Having an audit trail helps show that your GDPR security controls are successfully protecting customer data.

Who is it recommended for?

Improving controls over Active Directory is a necessary function for any system manager that uses Microsoft and Windows-based software. So, any business would benefit from improving its management of AD with this tool. However, the ability to coordinate user accounts and permissions across the organization through better visibility of trees and forests, makes system management easier and this SolarWinds tool enables that synchronization.


  • Demonstrates Compliance Easily: Equips organizations with the necessary reports to quickly prove GDPR and other regulatory compliances.
  • Ready-to-Use Reports: Features pre-configured reports for easy compliance demonstration and audit preparation.
  • Guided Remediation: Identifies compliance issues and suggests actionable remediation steps to enhance security.
  • Customizable Access Control: Allows sysadmins to tailor access rights and permissions across various platforms.


  • Learning Curve: The platform’s depth and breadth may require a significant investment of time to master fully.

If you’re looking to monitor user access and satisfy GDPR reporting requirements then SolarWinds Access Rights Manager is very useful. SolarWinds Access Rights Manager starts at a price of $3,444 (£2,615). You can download the 30-day free trial.

SolarWinds Access Rights Manager Download 30-day FREE Trial

2. ManageEngine EventLog Analyzer (FREE TRIAL)

ManageEngine EventLog Analyzer

ManageEngine EventLog Analyzer is a log analysis tool that can be used to comply with GDPR requirements. With ManageEngine EventLog Analyzer you can collect and analyze log data from across your network. Log management allows you to verify that the devices in your network are secure.

Key Features:

  • Comprehensive Security Monitoring: Ensures system security through detailed monitoring and analysis of log data.
  • Compliance Logs Management: Documents security measures to aid in compliance with various standards.
  • Event Log Storage: Maintains event logs securely for necessary compliance auditing purposes.

Why do we recommend it?

ManageEngine EventLog Analyzer collects log messages from across an organization, consolidates them, files them, and analyzes them for threats. The management of logs is a vital requirement for GDPR and other data protection standards, such as SOX, HIPAA, and PCI DSS. This is because log files expose breaches and securing these against tampering forces a business to declare a security breach. So, compliance auditing is vital for certification and EventLogAnayzer provides this audit trail and includes out-of-the-box compliance reporting.

There are also compliance audit reports to help you develop a record of risks. There are compliance reports compatible with PCI DSS, FISMA, GLBA, SOX, HIPAA, ISO 27001 that can also be used with the GDPR. These reports can be scheduled so that you periodically view security risks.

Who is it recommended for?

All businesses that need to comply with GDPR will have to provide log auditing utilities, so this tool is essential for all such businesses. The tool is very comprehensive and offered in three editions, which makes it accessible to businesses of all sizes. Small businesses that are a little too big for the Free edition, which collects logs from five sources, might find the Premium edition a little pricey. The package runs on Windows Server and Linux.


  • Versatile Dashboard Customization: Offers customizable dashboards, ideal for network operations centers.
  • Broad Alerting Options: Provides multiple alert channels for comprehensive notification coverage via SMS, email, or app integrations.
  • Supports Key Compliance Standards: Meets requirements for GDPR, PCI DSS, FISMA, SOX, HIPAA, and more, ensuring wide regulatory compliance.
  • Enhanced File Integrity Monitoring: Offers monitoring capabilities that serve as a preemptive measure against ransomware, data theft, and unauthorized access.
  • In-depth Forensic Auditing: Facilitates forensic log audit features for creating detailed reports for legal or investigative purposes.


  • Complex Integration: As part of a larger suite, it may require significant time to explore and fully utilize all features and integrations.

There are three editions of ManageEngine EventLog Analyzer: Free Edition, Premium, and Distributed. The Free Edition supports up to five log sources with compliance reports free of charge. The Premium edition starts at $595 (£459.99) per year with support for 10-1000 log sources and to log forensic analysis.

The Distributed edition starts at $2,495 (£1,928) with support for 50-unlimited log sources with distributed central-collector architecture. You can download a 30-day free trial.

ManageEngine EventLog Analyzer Download 30-day FREE Trial

3. ManageEngine Endpoint DLP Plus (FREE TRIAL)

ManageEngine Endpoint DLP Plus

ManageEngine Endpoint DLP Plus operates its data protection system through security policies. You need to set up a data control policy within the console and this task is facilitated by a library of templates. Select a template that offers presets for specific standards, such as GDPR.

Key Features:

  • Custom Security Policies: Enables the creation of tailored security policies with GDPR compliance through a template library.
  • Data Protection: Implements comprehensive data protection measures, including data discovery, classification, and access control.

Why do we recommend it?

ManageEngine Endpoint DLP Plus is a comprehensive package that implements data discovery and classification and then implements data access controls in line with a stated data protection standard. GDPR is among the options that can be specified in the settings for this tool and that will automatically calibrate the system for GDPR compliance.

Once the policy has been defined, the package will search all endpoints connected to the network and scan for data that is defined as sensitive by your chosen policy. The tool is able to spot data that is separated across documents that, when read together constitutes sensitive data. It can also scan images with OCR. The system then categorizes each data instance, which enables different types of data to be managed in different ways.

Data protection measures include user monitoring to identify insider threats and controls over data movements. Sites that permit BYOD can use a data containerization utility in the package, which keeps corporate data away from the operating systems of user-owned devices. Controls extend to data movement to cloud platforms, onto USBs, and through emails.

Who is it recommended for?

This tool is actually a bundle and it includes the DataSecurity Plus tool, which performs the discovery and classification function. The service is good for any size of business and the Free edition for small businesses will manage data on 25 endpoints, which is a generous allowance. Multi-site businesses are also catered for. The on-premises software package is only available for Windows Server.


  • Trusted Application Designation: Allows specifying trusted applications for safe data handling, enhancing data security.
  • BYOD Security Measures: Offers data containerization for user-owned devices, segregating corporate data from personal environments.
  • Sensitive Data Movement Control: Provides stringent controls over the transfer of sensitive information to prevent unauthorized access.
  • Insider Threat Detection: Employs user monitoring to identify and mitigate potential insider threats effectively.


  • Lacks Cloud Support: Currently, there is no cloud-based version available, limiting deployment options for cloud-focused businesses.

ManageEngine Endpoint DLP Plus runs on Windows Server. There is a Free edition of the software that is limited to monitoring 25 endpoints. The full edition is called Professional and it will manage all of the endpoints on a network. The package can be extended to monitor multiple sites from one console. You can assess the software on a 30-day free trial.

ManageEngine Endpoint DLP Plus Download 30-day FREE Trial

4. Perimeter 81 (GET DEMO)


Perimeter 81 provides system security and activity tracking that can be tied into compliance reporting for GDPR. The protection of data requires constant monitoring and just saying that you have security in place is not good enough. That’s why you need to log the activities of users with respect to data access and also log the responses of your security software., Perimeter 81 provides these records that count toward your compliance auditing and reporting.

Key Features:

  • Data Store Protection: Ensures the safety of data repositories through rigorous monitoring and security policies.
  • Application Access Control: Manages and controls user access to applications to safeguard sensitive information.
  • Secure Connections: Strengthens network security by securing connections through encryption and VPN services.

Perimeter 81 doesn’t include a sensitive data discovery tool, so you would need to use a third-party tool to locate data stores that need extra protection. However, once you have located those data files, you can choose to centralize their storage and protect that location with file integrity monitoring by applying security policies in the Perimeter 81 console.

Access controls in the user access app let you block or permit access to specific directories on your files storage system, whether it is located on your servers or on the cloud. Use CASB and firewall security policies to implement data loss prevention. Activity tracking is the final piece in the puzzle because it allows you to identify which user had access to which files and when.


  • Enhanced Connection Security: Utilizes VPN technology to encrypt connections, ensuring safe and private data transmission.
  • Access Visibility Restrictions: Prevents unauthorized users from detecting the existence of restricted resources, enhancing security.
  • Data Loss Prevention (DLP): Employs cloud-based security policies and firewalling to prevent unauthorized data access or loss.
  • Integrated Access Management: Combines access rights management with connection security for comprehensive protection.


  • Lacks Data Discovery: Does not provide a tool for sensitive data discovery, requiring the use of additional third-party solutions.

The Perimeter 81 platform is charged for by subscription with four plans – each successively pricier plan has more features. The cheapest plan, called Essentials, costs $8 per user plus $40 per site each month. You can get a demo of the Perimeter 81 system to understand its capabilities.

Perimeter 81 Access a FREE Demo

5. LogicGate


LogicGate is a web-based automated risk compliance solution that satisfies many requirements of the GDPR. Through the LogicGate portal customers can launch a Data Access Request, Data Correction Request, Data Portability Request, and Data Removal Request. You can use the platform to respond to access requests and make sure that you’re not breaching the GDPR.

Key Features:

  • SaaS Compliance Platform: Offers a web-based solution for automated risk compliance, including GDPR requirements.
  • GDPR Risk Assessment: Provides tools for assessing risks associated with GDPR compliance.
  • DSAR Management: Facilitates handling Data Subject Access Requests efficiently and compliantly.

Why do we recommend it?

LogicGate is a governance, risk management, and compliance (GRC) platform and it can be tailored to identify problems and goals in your company’s compliance journey. This package is particularly useful for dealing with the breach notification process and managing the obligations to respond to inquiries from members of the public bout the data that is being held about them.

In the event of a breach, you can use the breach response process to respond within 72 hours. There are automated alerts to notify the authorities when you’ve discovered a breach. Being able to identify and respond to breaches promptly makes sure that you’re doing everything necessary to protect customer privacy.

More generally you can use the Data Processing Activity Records module to outline how your company processes personal data. You can build an asset inventory, which shows the relationships between different systems so you know exactly what risk factors customer data is exposed to.

Who is it recommended for?

Any business that has to comply with GRC is going to need a DSAR management tool, so this package is essential for that function alone. However, the importance of LogicGate extends to its risk assessment and breach reporting services as well. Small businesses will struggle with the requirements of GDPR and, although promoting the management of PII, the LogicGate doesn’t really remove the time-consuming tasks of GDPR compliance.


  • Versatile Compliance Support: Accommodates GDPR alongside other regulatory standards, ensuring broad compliance capabilities.
  • Secure Data Request Portal: Includes a customer portal for submitting data requests securely, enhancing transparency and trust.
  • Automated Compliance Notifications: Features automated alerts to keep teams promptly informed about compliance statuses and breaches.
  • Customizable Asset Management: Allows sysadmins to create detailed asset inventories and customize permissions to fit organizational needs.


  • Opaque Pricing Structure: Lacks clear pricing information, necessitating contact with sales for details.
  • Demo Access Restrictions: Requires contacting sales for a demo, lacking an immediate free download option.

To view a quote for LogicGate you will have to contact the company directly. The price will depend on the number of users, whether it’s a single application, where it’s deployed, and any additional features you wish to use. You can request a demo.

6. privIQ

PrivIQ DashBoard Screenshot

privIQ is a piece of compliance software designed to comply with GDPR and 6 other data protection standards. The tool provides you with analysis capabilities to help run compliance assets and protection impact assessments to satisfy GDPR requirements. You can record your data processing activities and use data mapping exercises to manage risk factors and data breaches.

Key Features:

  • Comprehensive Compliance Mapping: Supports GDPR, LGPD, PDPA, POPIA, and KVKK, providing a wide coverage of data protection standards.
  • Readiness Task Tracking: Enables efficient tracking of compliance preparation tasks to ensure timely completion.
  • Guided Compliance Practices: Includes best practices guides to streamline the compliance process.

Why do we recommend it?

The privIQ package caters to a number of data security standards, not just GDPR. This tool is good for getting the business fit for GDPR. It assesses your system, identifies security weaknesses, locates GDPR-qualifying data, and provides a road map to sorting out confidentiality issues. The change management project planning and tracking feature in the package is probably the most useful tool in the privIQ system.

You can manage your GDPR compliance strategy through the dashboard. You can create users, assign tasks with due dates, and view these on the dashboard. You could create tasks that correlate to processing activities. Users also receive notifications when due dates are approaching to make sure that they have completed the task. The dashboard helps your team to stay on top of IT assets.

There are four versions of privIQ available to purchase: Professional, Business, Business +, and Enterprise. The Professional version costs $58.20 (£45) per month for up to nine employees with two users. The Business version costs $116.46 (£90) per month for 10-50 employees and two users.

Who is it recommended for?

Small businesses are going to have the most difficulty when implementing GDPR compliance and privIQ is a good option for this category of enterprise because there is an edition of the platform tailored to their requirements. Finding the time and the budget to fix all of the issues that need to be sorted out to gain compliance can be overwhelming for small businesses that have little spare capacity, so the guidelines and plans that privIQ provides are a great help. Mid-sized and large businesses also have suitably sized editions of privIQ available to them.


  • Versatile Reporting Options: Delivers ready-to-use reporting tools for quicker compliance achievement.
  • Flexible Pricing Models: Offers four distinct pricing tiers to accommodate businesses of all sizes.
  • Detailed Visualizations: Provides clear reports and flowcharts to simplify complex data permission structures.


  • Performance Issues: Some users may experience lag within the web client, potentially affecting usability.

The Business + version costs £145 per month for 51-250 employees with five users. The Enterprise version supports 250 plus employees and unlimited admins/users but you need to request a quote.

7. Netwrix Auditor

NetWrix Auditor Dashboard

Netwrix Auditor is an auditing compliance platform that helps you to identify and protect GDPR data. Netwrix Auditor allows you to pinpoint the location of GDPR data right down to individual files and folders. Finding these files helps you to know which data you need to protect and where to find it in case of an emergency.

Key Features:

  • Sensitive Data Identification: Discovers and classifies sensitive data to streamline GDPR compliance.
  • Access Monitoring: Keeps logs of data access, enhancing the security and traceability of sensitive information.
  • Permission Management: Offers robust controls over access rights to secure and manage data effectively.

Why do we recommend it?

Netwrix Auditor is a compliance management platform. It alters its parameters automatically when you specify which data security standard you are following. The tool identifies the locations of sensitive data and promotes clean user account records in Active Directory to tighten up access controls. The tool, as the name suggests, also provides system security auditing, which results in recommendations for improvements and actual compliance reporting once you have hit the requirements target.

You can also implement access right controls to determine which users have permission to access individual files or folders. You can view reports that detail user access rights so you can see who has the necessary privileges to access what information, and whether permission was granted Directly or on a Group basis.

To monitor security risks Netwrix Auditor has a risk assessment function. You can run a risk assessment to find vulnerabilities in your identity and access settings. For example, you can view a summary of privacy risks such as User accounts with passwords not required and disabled computer accounts, alongside a Risk level.

Who is it recommended for?

Netwrix Auditor makes security tightening for compliance with GDPR an easy project, thanks to extensive scanning, recommendations, and guidance. However, this package is probably a bit too much for small businesses that would be able to manage issues such as abandoned accounts with manual checks. All other sizes of businesses would benefit from the Netwrix system.


  • User-Friendly Interface: Designed for ease of use, facilitating swift navigation and operation.
  • Automated Data Mapping: Capable of pinpointing and organizing GDPR-related data automatically.
  • Flexible Permission Editing: Allows modifications of access permissions on an individual, group, or bulk basis.
  • Comprehensive Risk Analysis: Evaluates risk levels by examining a variety of factors detected during scans.


  • Limited Trial Duration: The trial period may not provide sufficient time for a thorough evaluation.
  • Basic Alerting Features: Alerting functionality requires further enhancement for greater customization.
  • Lacks Guided Learning Resources: Additional self-help and instructional materials would benefit new users.


If you’re looking for a tool to help you map out your data processing and identify potential vulnerabilities then Netwrix Auditor is worth investigating. However, you will have to request a quote from the company directly. You can download the 20-day free trial.

8. Wired Relations

Wired Relations Privacy Software Dashboard

Wired Relations is a cloud service that offers compliance tools for GDRP, ISO 27001 / 27701 and other privacy programs. This system has a number of useful modules that include an eDiscovery tool and a data classification module. It also has a third-party risk management service built-in.

Key Features:

  • Cloud-Based Compliance: Offers a SaaS platform equipped with tools for GDPR, ISO 27001 / 27701 compliance.
  • Data Discovery and Classification: Automatically identifies and categorizes sensitive data across the network.
  • Data Mapping: Provides detailed mapping of data locations to simplify compliance processes.
  • Third-Party Risk Management: Includes a comprehensive service for assessing and managing risks associated with third-party vendors.

Why do we recommend it?

Wired Relations is a great tool for collaboration over compliance issues. With this system, teams can communicate, plan, track, and report on tasks to get compliant with GDPR and maintain a good data governance strategy. The system helps businesses that are new to GDPR get up to speed and identify responsible officers within each department to ensure that data governance is set up and complied with.

The eDiscovery system reaches out to supplier hosts, so you can map your data no matter where it is located. The location of each datastore is clearly flagged. This service is automated and continuous, so when new data locations arise, the Wired Relations system spots them.

The third-party assessment module includes a data processing agreement management system. This also notes the location of each supplier, which is very important for GDPR. The tool also includes a processing documentation guide, so you know exactly what your obligations are under GDPR.

The data mapping makes it easy to present a Register of Processing Activities when an organization is asked to document compliance.

Moreover, the system has an easy-to-use Task Manager making it easy to collaborate throughout your organization. With the task manager, you can drag-and-drop to-dos and controls.

Who is it recommended for?

This collaboration and task-tracing service are ideal for mid-sized businesses that are tackling compliance issues without the assistance of an expensive consultancy. Small businesses with few workers won’t need the meditation of technology to communicate plans. Large businesses have the money and resources to go big with projects. So, this tool is for all of the enterprises in between those two extremes.


  • Seamless Collaboration Tools: Facilitates team communication and task management for effective compliance strategy implementation.
  • Continuous eDiscovery: Automates the discovery of data storage locations, ensuring up-to-date compliance.
  • Supplier Management: Features a third-party assessment module with data processing agreement management, critical for GDPR compliance.
  • User-Friendly Interface: Presents a straightforward dashboard for an accessible overview of compliance status and tasks.


  • Limited Trial Offer: A more extended trial period would be beneficial for a thorough evaluation of the platform’s capabilities.

The Wired Relations system is a subscription service with three editions. The Essentials Pro plan includes all of the tools that you need for compliance. The Pro edition adds on controls management and a risk assessment module. The top plan, called Premium, has a lot more features, including data tagging. You can access a free demo.

9. Really Simple Systems

Really Simple Systems

Really Simple Systems is a CRM platform that has an inbuilt user consent collection feature for the GDPR. The marketing module enables the user to collect data handling consent from customers.

Key Features:

  • Integrated CRM Platform: Provides a comprehensive CRM system with a focus on GDPR compliance for managing customer data.
  • Consent Management: Features an inbuilt user consent collection mechanism to adhere to GDPR requirements.
  • Free Version Availability: Offers a no-cost option, making it accessible for businesses of all sizes to manage their customer relationships and consent records.

Why do we recommend it?

Really Simple Systems isn’t a GRC platform, instead, it is a marketing tool that ensures it keeps within GDPR requirements for managing the personal data of members of the public. GDPR doesn’t ban the management of data about business contacts. It is specifically concerned with the storage of personal information about members of the public. As the PII definition includes email addresses, the implementation of GDPR caused a real headache for email marketers. This tool addresses these problems by gaining consent for PII storage and usage up front.

Mailing and Consent Lists keep a record of when consent was given and from what IP address the consent came from. You can also allow customers to opt-in to receiving marketing communications (which is required by the GDPR).

Who is it recommended for?

This system is particularly useful for businesses that maintain contact with members of the general public with the intention of reminding those potential customers of the business’s existence. Targeted marketing requires intel on details about potential customers and storing that kind of data or worse, analyzing it, can get you into big trouble. Really Simple Systems writes up a consent form that gives you the permission to carry out your marketing arts and records responses in case of comebacks.


  • GDPR-Compliant Marketing: Enables marketers to collect data handling consent upfront, ensuring compliance with GDPR.
  • Consent Record Keeping: Maintains detailed consent lists, recording the date and IP address of consent, supporting compliance verification.
  • User-Friendly Consent Forms: Offers templates for creating GDPR-compliant opt-in forms, simplifying the consent process.
  • Ideal for Small Businesses: Serves as an excellent option for small enterprises looking to combine CRM functionalities with GDPR consent management.


  • Limited Compliance Reporting: Does not offer extensive reporting features for other compliance standards beyond GDPR.
  • Not Suitable for All: May not be the best choice for businesses that are satisfied with their current CRM solutions and only require additional GDPR compliance tools.

There are four versions of Really Simple Systems: Free, Starter, Professional, and Enterprise. The Free version supports up to two users with 100 company records and 100 MB of document storage. The Starter version costs $14 (£9) per user per month, with 1,000 company records and 1GB of document storage.

The Professional version costs $30 (£20) per user per month, with 5,000 company records and 5GB document storage. The Enterprise version costs $46 (£32) per user per month with unlimited company records and document storage. You can sign up for a free trial.

10. Vigilant Software GDPR Manager

Vigilant Software GDPR Manager

Vigilant Software GDPR Manager is a basic GDPR compliance tool designed to help record compliance activity. The tool combines gap analysis, DSAR processes, data breach response, and third-party management features to comply with the requirements of European legislation. You can log personal data breaches and security events through the Breach report module.

Key Features:

  • Comprehensive Compliance Tool: Streamlines GDPR compliance with features for gap analysis, DSAR handling, data breach response, and third-party management.
  • Breach Detection and Documentation: Facilitates the logging of personal data breaches and security events through a dedicated breach report module.
  • Detailed Compliance Reporting: Generates compliance reports to track and showcase GDPR adherence efforts.

Why do we recommend it?

Unfortunately, GDPR compliance is complicated and there are too many dos and don’ts to keep in your head. The Vigilant Software GDPR Manager simplifies these complexities by identifying where your procedures need to be tightened and it will also manage the paperwork for issues such as breach reporting and DSAR processing. The tool can only help you once you have set it up to properly define your business, so it can take a lot of time to get up and running.

There is a Gap analysis tool included with the Vigilant Software GDPR Manager called the Gap Analysis module. The Gap Analysis module allows you to assess your level of GDPR compliance. By using the tool you can identify ways to improve your cybersecurity strategy and avoid non-compliance activities.

To enable you to respond to data subject access requests there is a DSAR module. The user can log access requests making it easy to respond to requests within the two months’ time limit imposed by the GDPR.

Who is it recommended for?

This tool is probably too much for small businesses to manage but just about right for mid-sized enterprises. The system can help support a compliance manager who doesn’t have any assistance from a department to run compliance.


  • User-Centric Dashboard: Offers a highly visual and customizable dashboard for easy compliance monitoring.
  • Gap Analysis for Compliance: Utilizes gap analysis to pinpoint and address areas needing improvement for GDPR compliance.
  • DSAR Management: Integrates a DSAR module for efficient handling of data subject access requests within GDPR timelines.
  • Breach Logging Capability: Simplifies the process of recording and accessing information on data breaches.


  • Complex Setup: Initial configuration can be intricate, demanding time and effort to tailor the system to specific business needs.
  • Potentially Excessive for Small Businesses: May be more comprehensive than necessary for smaller enterprises, aligning better with the needs of larger organizations.

Vigilant Software GDPR Manager also integrates with four other Vigilant Software products including vsRisk Cloud, Data Flow Mapping Tool, and Compliance Manager. The price of Vigilant Software GDPR Manager starts at $64.66 (£49.95) per month for a single user and $213.53 (£164.95) per month for a multi-user. You can request a demo.

11. OneTrust


OneTrust is a risk, compliance, and privacy management software solution that can be used to keep records necessary to meet GDPR regulations. Features include data mapping, privacy impact assessments, and risk management capabilities. For example, you can create a Readiness Assessment to evaluate where your security measures stand in relation to the GDPR. Readiness assessments are customizable but there are also templates built by a community of privacy experts.

Key Features:

  • Comprehensive Compliance Solution: Offers an extensive suite for risk, compliance, and privacy management tailored to GDPR needs.
  • Data Access Logging: Tracks and logs data access events to ensure transparency and accountability.
  • Risk and Compliance Assessment: Features tools for conducting risk assessments and generating compliance reports.

Why do we recommend it?

OneTrust is a cloud-based compliance system with different flavors that cater to different standards. It has a tailored package for GDPR compliance. This is a big system and, although it includes automation, still caters to businesses that have many departments that are too numerous for a single GRC officer to coordinate. The service enables many roles that need to get involved in ensuring GSPR. These will be people placed in different sections of the business, such as purchasing, accounting, IT security, and IT operations.

Self-assessments can then be turned into reports in PDF format. Reports contain a color-coded Overall Readiness score and an Assessment Summary of Questions, Compliance Gaps, and more. Reports are great for evaluating your current data handling processes.

You can even build a data subject rights request portal. You can create a branded web form and link to it from your company’s site. You will then be notified automatically when a subject submits an access request. The request portals are extremely useful because it makes sure that you can handle access requests promptly.

Who is it recommended for?

This is a system for large businesses with people who are physically too far apart to regularly get together in person. The service will coordinate the efforts of a dispersed team who have a collective responsibility to ensure GDPR compliance.


  • Intuitive Interface: Provides a straightforward and uncluttered interface for ease of use.
  • Customizable Assessments: Enables the creation of customized readiness assessments with the help of expert-built templates.
  • Automated Reporting: Facilitates easy conversion of self-assessments into detailed, color-coded reports for internal and external review.
  • Data Subject Request Portal: Offers capabilities to build branded request portals for efficiently handling data subject access requests.


  • Limited Trial Duration: A more extended trial period would allow for a more thorough evaluation of its capabilities.
  • Lack of Preconfigured Options: More out-of-the-box workflows and reports would enhance immediate usability for new users.
  • Complex Alert Customization: The process for customizing alerts could be made more user-friendly and intuitive.


If you require a tool for GDPR documentation and a general privacy management solution then OneTrust is worth evaluating. The price of OneTrust depends on the features you want to use and the size of your organization. You can request a 14-day free trial.

GDPR Compliance Software: Stay on Top of Data Access Requests 

Using a GDPR compliance platform is a great way to eliminate any confusion and design a responsive data management strategy.

Whether that’s managing access rights with a tool like SolarWinds Access Rights Manager or managing data subject access requests through an online portal like OneTrust, there are plenty of options available to choose from. The best strategy is to find one that naturally integrates with your current compliance strategy.

GDPR Compliance FAQs

How does GDPR impact email campaigns?

GDPR governs the use of other people’s personal details and any email address that identifies a person is included in the definition. The key factor that influences email campaigns under GDPR is consent. That means you shouldn’t use bought contact lists unless the people on those lists have specifically agreed that their details can be passed on. If members of the public give you their email addresses in response to an offer for more information it is OK to send out relevant emails on the indicated topic to them.

How can I ensure GDPR compliance for my software development projects?

Use this checklist to ensure GDPR compliance on your software development project:

  • Use a pseudonym Keep real personal data in a separate area of storage or memory and process each person by that reference name rather than by actual identifiers – a username would work as a pseudonym.
  • Create feedback channels Include a feature in your app that enables users to request that all of their personal information is removed from the system. This should also allow them to demand that their data is transferred to another organization.
  • Data breach tracking and reporting Your system should be secure. However, you should also have procedures in place in case of unauthorized disclosure. You must inform users and law enforcement within 72 hours of a data breach. So, have data loss protection in place in your app and make sure it includes retrospective event auditing. 
  • Privacy by default Default everything to be as anonymous as feasibly possible.
  • Informed consent Get the users to express consent to any data storage event – the consent can be a single action at the beginning of your relationship with them.

Does GDPR only apply to electronic data?

The GDPR applies to all personal data which is processed by a business or organization. Non-personal data processed electronically is not included and personal data held on paper is included. However, paper-based records have to be in a structured format, so scribbled notes don’t count.

Where can I get GDPR compliance certification from?

There is a different governing body for GDPR in each country. Accredited GDPR auditors will be able to mediate your certification process.

Are Google Forms GDPR compliant?

The Google Forms app is just a format and so, in itself doesn’t cover any reason for compliance. What matters is what data you use Google Forms to gather and how you store that data.