MODULE · DATA MAPPING

Data mapping & inventories

Build and maintain a complete inventory of personal data across your organisation — the foundation of GDPR compliance.

How to create your first data map:
  1. Discover data sources: Use the built-in scanner or manually add systems (CRM, HR files, marketing tools).
  2. Classify data elements: Tag fields (name, email, health data, etc.) and identify special categories.
  3. Map data flows: Connect sources to business processes, departments and third parties.
  4. Link to legal basis & retention: Assign lawful basis and retention period per purpose.
  5. Review & publish: Validate with the Data Protection Officer and mark the inventory as “active”.

📌 Inventory best practices

Update quarterly – Set up automated reminders to refresh data maps.
Access control – Limit editing to compliance leads, view-only for auditors.
Version history – Each change is logged for the audit trail.

Tip: Use the “data flow visualizer” to spot unchecked transfers outside the EU.

MODULE · POLICY GENERATOR

Policy and document generator

Generate GDPR‑compliant privacy policies, DPAs, consent forms and more in minutes — tailored to your SME.

⚙️ Generation workflow:
  1. Select document type (Privacy policy, Cookie policy, Records of processing, etc.)
  2. Fill the dynamic questionnaire: company info, purposes, third parties, contact details.
  3. Preview and adjust language (plain English / legal style).
  4. Export as PDF, DOCX or HTML — or publish directly to your website.

Available templates

  • 📃 Privacy policy (Art. 12-14)
  • 🍪 Cookie policy
  • 🤝 Data Processing Agreement (DPA)
  • ✍️ Consent forms (opt-in boxes)
  • 📋 Record of processing (Article 30)
  • ⚠️ Breach notification template

All documents are reviewed against EDPB guidelines and updated automatically when laws change.

MODULE · DPIA

DPIA & risk assessment workflows

Perform Data Protection Impact Assessments for high‑risk processing, following WP29 guidelines step‑by‑step.

🛡️ Standard DPIA workflow:
  1. Trigger: system flags processing that requires a DPIA (or manual creation).
  2. Describe processing: nature, scope, context, purposes.
  3. Assess necessity & proportionality: pre-built checklists.
  4. Identify risks: to rights and freedoms (categories: unauthorized access, data modification, etc.).
  5. Mitigation measures: select technical/organisational controls.
  6. Residual risk scoring: low/medium/high — if high, consult supervisory authority.
  7. Approve & sign off: DPO and controller sign digitally.

📊 Risk scoring matrix

The module uses a 5x5 matrix (likelihood vs. severity) and suggests mitigation. Overrides are allowed, but the justification is stored.

All DPIAs are stored with version history and can be exported for authority review.

MODULE · VENDOR

Vendor / processor management

Centralise all your processors, sub‑processors and third‑party contracts. Automate DPA signature tracking.

Add vendor – name, contact, country, processing activities.
Upload DPA – set expiry alert 90 days before.
Risk tier – low/medium/high based on data sensitivity.

✍️ Step‑by‑step: processor onboarding

  1. Create vendor profile → enter basic info.
  2. Link processing activities (from ROPA) handled by this vendor.
  3. Upload signed DPA and set review date.
  4. Schedule annual re‑assessment (automated task).
  5. If sub‑processors are used, list them and track approval.
You'll receive reminders when a contract is about to expire or if a vendor suffers a breach (news feed).

MODULE · TRAINING

Training & awareness module

Assign GDPR courses to employees, track completion, and prove staff awareness (required under accountability).

📚 Built‑in courses

  • GDPR basics for all staff (15 min)
  • Data subject rights (for support teams)
  • Security & breach reporting (advanced)
  • Privacy by design (developers)

📝 How to assign training

  1. Go to Training dashboard → “Create assignment”.
  2. Select employees (by department, role or individually).
  3. Choose course(s) and deadline.
  4. System sends email invitations and reminders.
  5. Monitor completion percentage in real‑time.
Completion certificates are stored per employee for audit.

MODULE · TASK

Task management & reminders

Never miss a GDPR deadline: automated tasks for DSR, breach reporting, policy review, and more.

DSAR deadline – task created when request received, due in 30 days.
Policy review – annual re‑approval task.
Vendor reassessment – 6‑month check.

⚙️ Creating custom tasks

  1. Click “Add task” from the main dashboard.
  2. Set title, assignee, due date, and priority.
  3. Attach related item (e.g., a DPIA or vendor).
  4. Choose reminder schedule (email, in‑app, Slack/Teams webhook).
💡 Pro tip: Use “recurring tasks” for quarterly data mapping reviews or monthly consent audits.

MODULE · LEGAL BASIS

Legal basis & purpose registry

Central register of all processing purposes with the corresponding lawful basis (Art. 6) and, if applicable, special category condition (Art. 9).

Structure of an entry

  • Purpose name (e.g., “direct marketing”, “payroll”)
  • Description – why and how data is used
  • Legal basis (consent, contract, legitimate interest, legal obligation, vital interest, public task)
  • For legitimate interest: LIA test summary
  • Data categories used (linked to data inventory)
  • Retention period / criteria

📌 Linking to other modules

The purpose registry feeds into your consent banners (purposes), privacy policy generator, and ROPA. Changes propagate after approval.

If you rely on legitimate interest, the system prompts you to complete a Legitimate Interest Assessment (LIA) and stores it.

MODULE · COOKIE / TRACKER CONTROLS

Cookie banner + tracker enforcement

The app now provides a complete implementation flow: discover trackers, categorize them, generate the loader snippet, and enforce visitor choices at runtime.

🍪 Recommended setup flow:
  1. Open Tracker scan and run first pass (plus optional headless second pass).
  2. Categorize detected resource URLs as essential, functional, marketing, or performance.
  3. Save categories and copy the generated website embed snippet from the tracker scan page.
  4. Paste loader.js first in your website <head>, then cookie-banner.js.
  5. Verify that non-essential requests are blocked until visitors opt in.

Tracker scan – Stores scan runs, discovered URLs, and per-seat categorization work.
Tracker signatures – Admin-maintained global matching rules for URL substrings and inline regex patterns.
Loader enforcement – Runtime request filtering by visitor consent category on the customer website.

Category mapping used at runtime

  • Essential: always allowed.
  • Functional: allowed only when functional consent is enabled.
  • Analytics: allowed only when analytics consent is enabled.
  • Marketing: allowed only when marketing consent is enabled.
  • Performance from tracker scans is mapped to Analytics in loader.js.
Use the in-app snippet generated in Tracker scan instead of manually building banner code in Help.
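
The category mapping above and the verification in step 5 of the setup flow, as an added example in JavaScript. It is not the product's loader.js: the rule format, the example.test URLs and the function names are assumptions made for illustration.

```javascript
// Added example, not the product's loader.js. Rule shape and names are assumptions.
// Scan categories -> categories enforced at runtime ("performance" becomes "analytics").
const RUNTIME_CATEGORY = {
  essential: "essential",
  functional: "functional",
  marketing: "marketing",
  performance: "analytics",
  analytics: "analytics",
};

// Constructed categorization: URL substring -> category chosen in Tracker scan.
const RULES = [
  { match: "cdn.example.test/app.js", category: "essential" },
  { match: "chat.example.test", category: "functional" },
  { match: "metrics.example.test", category: "performance" },
  { match: "ads.example.test", category: "marketing" },
];

// Return the runtime category for a URL, or null when no rule matches.
function classify(url, rules = RULES) {
  const rule = rules.find((r) => url.includes(r.match));
  if (!rule) return null;
  return RUNTIME_CATEGORY[rule.category] ?? null;
}

// Essential is always allowed; every other category needs its consent flag.
function isAllowed(category, consent) {
  if (category === "essential") return true;
  return consent[category] === true;
}

// Audit request URLs observed in the browser (for example, copied from the
// network panel) against the visitor's consent state. Returns requests that
// loaded without consent, plus uncategorized URLs that still need a category.
function auditRequests(observedUrls, consent, rules = RULES) {
  const violations = [];
  const uncategorized = [];
  for (const url of observedUrls) {
    const category = classify(url, rules);
    if (category === null) uncategorized.push(url);
    else if (!isAllowed(category, consent)) violations.push({ url, category });
  }
  return { violations, uncategorized };
}
```

Run `auditRequests` once with every consent flag off and once per opted-in category; an empty `violations` list in each run is the result step 5 asks for.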

MODULE · TEMPLATES

Templates library for SMEs

A rich collection of ready‑to‑use GDPR templates designed for small and medium businesses. Customise and reuse.

📁 Available template categories

  • ✅ Data subject request forms
  • ✅ Subject access request log
  • ✅ Consent records (spreadsheet style)
  • ✅ Data breach register
  • ✅ Employee GDPR handbook
  • ✅ Records of processing (ROPA) starter
  • ✅ Legitimate interest assessment (LIA) form
  • ✅ DPIA screening checklist
  • ✅ Vendor due diligence questionnaire
  • ✅ Privacy notice for employees

📎 How to use

  1. Browse library by module (DPIA, vendor, etc.).
  2. Preview template online.
  3. Click “Use this template” – it creates a new record in the corresponding module pre‑filled.
  4. Adapt fields and save as your own.

SME templates are drafted by legal experts and updated quarterly.


MODULE · SUPPORT

Support tickets & customer assistance

Customers can submit support tickets from the in-app Support page while logged in. The form pre-fills the account email (read-only) and sends tickets to the support team.

🛟 Ticket workflow:
  1. Open Support from the Admin section in the sidebar.
  2. Review account email (displayed and locked).
  3. Enter subject, urgency, and detailed message.
  4. Submit ticket; system emails support@gdprcompliancehub.com.
  5. Ticket is also stored in the platform database with delivery status and reference.

Logged-in only – Support page requires valid session and redirects unauthenticated users to login.
Email delivery – Uses the platform notification service and company/global SMTP configuration.
Ticket history – Each ticket stores requester, urgency, page context, and sent/failed delivery state.

Frequently asked questions

Can I export all mapping data for an auditor?

Yes. Each module has an “Export” button (PDF, CSV, or Excel). For a full audit package, use the “Audit export” in the main dashboard.

How are tasks assigned to seats?

Tasks are assigned to individual seat holders (users). They receive notifications via email and on‑dashboard. You can also assign to a role (e.g., DPO) and any seat with that role can pick it up.

Do the policy documents include references to local EU laws?

Yes. The generator asks for your country (or countries) of establishment and adapts recitals accordingly (e.g., French CNIL specifics, German BDSG).