In this article we introduce some useful GDPR software tools that can help you reach GDPR compliance and maintain it. We focus on tools that are easy to implement; most are free or reasonably priced. You may already have access to some of them within your current software stack and just need to start using them. We have also included a list of best practices and tips to consider when building your own toolkit.
Table of Contents
First things first: what is GDPR?
What is GDPR compliance software?
Principles of GDPR you should know before choosing the software
Lawfulness, fairness and transparency
This principle requires every organisation to ensure that its processing activities comply with applicable laws and regulations. In other words, if you process people's personal data, you must follow the rules set by the legislation.
The main components of this principle are:
- Demonstrating a lawful basis for obtaining and processing personal data. GDPR (Article 6) defines six lawful bases: consent, performance of a contract, legal obligation, vital interests, public task and legitimate interests. The basis should be identified and documented before processing starts. You can read more on lawful bases in our article here.
- Personal data must be collected and processed fairly. Fair means handling data only in ways people would reasonably expect, not using it in ways that have unjustified adverse effects on them, and not misleading them about how it will be used.
- Transparency means that individuals must be told, clearly and in plain language, when their personal data is being collected, who is collecting it, why, and how it will be used. The "right to be informed" is the core element of this principle. Typical transparency measures are the privacy policy and privacy notices on your website, your cookie policy, and any other documents that give data subjects a clear understanding of how their personal data is collected and processed.
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality (security)
Accountability
- Records of Processing Activities;
- Personal Data Protection Policy;
- Privacy Notices (for employees, website visitors, etc.);
- Data Processing Agreements signed with your service providers;
- Data Retention Policy and schedules;
- Consent forms;
- Data breach response and notification procedures;
- Data Breach register;
- Data subject request processing procedures;
- Data Protection Impact Assessments;
- Legitimate Interest Assessments;
- Vendor Assessments;
- Data Transfer Impact Assessments.
GDPR compliance software
GDPR audit tools
ICO data protection self-assessment
- small business owners and sole traders checklist;
- data protection assurance checklists for controller and processor;
- information security checklist;
- direct marketing checklist;
- records management checklist;
- CCTV compliance checklist.
- accountability governance;
- processing principles;
- privacy by design and default;
- data protection impact assessment;
- records of processing;
- data subject rights;
- consent and notices;
- breach management;
- processors;
- data transfers.