The GDPR Compliance portal and Back Office is the single most powerful tool available to deal with and ensure that you are GDPR Compliant in all your processing. It is the a single "Per Processing" compliant model and it works by allowing you to customise each data collection and / or data processing that you do so the correct information is recorded and provided to data subjects as required by the GDPR.

Under the GDPR a single Privacy Policy is NOT SUFFICIENT! You must provide PROCESS and PURPOSE information for each and every processing, reprocessing and data collection  and get consent all at the same time. You must also provide information about how and where you got the personal data together with rights and corrective measures and provide facilities for those data subject interactions. Also if your processing is not done in an EU Approved Country then you need to provide additional information about that too. All a bit overwhelming?

This is what the GDPR Compliance Portal and Back Office does!
It's called "Data Driven Per Campaign Processing" and it's turn-key.


Every time you want to capture data, and process that data, you create a processing campaign using the Compliance Portal and let it do all the heavy lifting and hard work. You may not realise it but there can be more than 20 contact relationships for a single processing effort. Controllers, Processors, Agreements, DPO, Data Subjects, Policies, learning, your IT Team, your marketing and digital media team, EU Representative, Codes of Conducts, Data Subject Rights, requests and processes. Each of these will most likely be a unique combination for each processing.


So what is a processing, well it can be something as simple as your Website cookies, a newspaper competition, website blogs, data collection for email promotions, trade show data collection, telephone marketing, call-center operations, all of which maybe a different processor than you. You will most certainly deal with the data in a different way and the purpose is definitely different. So you need to cover all those relationships with each processing for each collection or processing.


If you did all the things listed you would have a network of some 140 contact relationships. Now consider that you may outsource your call-center operations to a call center in a non-EU authorised country. Well that just got completely different again.


How it works...

  1. Your business controls and maintains all the relationships with each data collection or processing.

  2. The Portal is pre-loaded more than 20 X ISO 27001 / 27002 Information Security Management Framework - Policy and Standards documents that will customise to your membership immediately. This is the Requirement for "Organisational Measures" within the GDPR. This also includes, Guides, Forms, Checklists and Weekly, Monthly, 3-monthly, 6-monthly and annual compliance action lists, that relate to the Policy and Standards - all designed to make your management simple.

  3. When you create a "Data Driven Processing Campaign" the outcome is the EU Contracts and Agreements (10) that are required between the controller (11) and the Processor (12) with respect to the location of each and the data that is to be processed or collected, which AUTOMATICALLY generates the required data collection statements, Data Subject Rights Notification Documents, and all the necessary opt-in/opt-out forms and packages it all as neat little URLs which you can add to emails, web sites etc. 

  4. You are now ready to collect the data or do the data processing. Remember this is unique for each processing, and it MUST be recorded as such. The Portal will also allow you to perform a quick Risk Assessment on the spot!

  5. Once your data subjects want to know anything about the processing, collection or lodge a request or complaint, all part of the GDPR, they can click links in emails, on web sites etc. All automatically generated for you by the portal. Check this out, it's out cookie policy - Automatically Data Driven Generation

  6. The Portal will generate the forms necessary together with the notices for the data subjects.

  7. All Data Subject compliance is handled by your outsources ISO-accredited Certified Data Protection Officers, who will be able to see your policies, procedures etc together with the details of the collection or processing as an integrated service, as if they are working at your office.

  8. Any issues with the Supervisory Authority are managed between the EU Representative (9) and the DPO (7). We are supporting and officially representing your compliance efforts - its all part of your membership.

  9. You are required to have an EU Representative if you are not located in the EU but you want to trade or promote your products or services in the EU. We provide an EU Representative as part of your membership.
  10. If you add new controllers which may be subsidiaries or sub-members, they may require a variety of compliance documents such as agreements, EU representations etc. These are automatically generated if new relationships are formed, so you can always show that these agreements are in existence.

  11. You can create and reuse Controllers and Processors or the relationship. Remember that binding agreements are required between controllers and processors that are not in the EU and more so, if they are located in countries that are not Approved by the EU Parliament.

  12. Processors are integrated, so businesses that manage multiple controllers and processors like Advertising Agencies are able to mix and match from their pool of resources.

  13. The Portal has built-in Processor and Staff training resources. A GDPR Requirement for Non-EU processors is that they receive some training in data privacy and handling procedures, so this short staff training can be made available to all the staff at the processor that handle the personal data.

  14. When a processor staff member completes the training, your business can see who has successfully completed the training as part of the Risk Assessment and your Information Security Management Framework.

  15. Finally, a number of reports are generated, as required by the GDPR. All available at your fingertips.

You can see why is your best choice for turn-key compliance. Join Today, start preparing and get ready with the minimum of fuss.

The image on the left shows that a Non-EU Approved Country Processor requires a different Data Transfer Agreement, and nominates the EU Representative for the processing too.

The Agreement is automatically created by the GDRP Compliance Portal AUTOMATICALLY!

Need to know something? Send Us an Email:

ALL PRICES ON THIS WEBSITE ARE Euro € unless otherwise stated.

© 2016 - 2019 by GDPR Forensic Limited All Rights Reserved. 

The star logo and the DPO and CA Seals are Trademarks of GDPR Forensic Limited, unauthorised use is prohibited.

  • Facebook Social Icon
CA Certified Logo Device
DPO Certified Logo Device