Our aim here at GDPR Systems is to make your data protection life a LOT easier.

We do this by taking you through a process which ticks most of the boxes designed to enable you to demonstrate, evidence and manage all of your GDPR responsibilities.

Ultimately we aim to ‘Make Complex Simple’.

Want to know more? Give us a call or email us on Tel:01865 600 410 |

What Do Our Systems Offer You?

Asset Lists

A key part of the GDPR is knowing where personal data sits in your organisation. Our OFFICE system enables you to create comprehensive asset lists of both digital and non-digital assets which serve as the bedrock of your data protection accountability. For CCTV the system enables you to document all of your cameras and storage devices (NVR/DVR) in a simple and logical manner.

Data Flows

Understanding how personal data flows through your organisation is a critical component of the GDPR and for most of our clients it is the most challenging!

With our systems you will be able to document where you get your personal data from, where it goes internally and ultimately where you send it thereby understanding in great detail the complete eco system of data flows that your organisation undertakes.


Assets are key – but your people are more important. Both OFFICE and CCTV systems enable you to document all personnel who have access to personal data both inside and outside of your organisation. We then ask you to assign each person to the relevant asset as this ensures that you have a record of accountability which can easily be traced should the need arise.

Personal Data

Knowing what personal data you process is absolutely critical to your GDPR accountability and transparency. You will be able to assign which personal data is linked to each asset AND tie it in with the relevant person that has access to it.


Lawful Bases

For each use of personal data you are required by law to choose an appropriate lawful basis in order to process correctly. Our systems enable you to choose simply and easily which basis you deem as the most appropriate – and then provide evidence of this choice.

Digital Security Gap Analysis

Knowing where to focus your attention is key to your ongoing data protection responsibilities. Our simple traffic light system enables you to see at a glance where the key security issues lie thus enabling you to prioritise which of your systems need immediate attention.

Supplier Management

If your organisation is a data processor or joint data controller, you will be required to evidence that you have all relevant contracts in place with your data controller.

If you are a data controller you will need to be able to evidence that you have documentation in place which informs all of your suppliers what you expect from them and/or what they have in place from a GDPR perspective.

Our systems enable you to upload the relevant contracts  for your ease and convenience.


For ease of reporting to senior management or your supervisory authority we have created 3 reports for your benefit.

  • Accountability – Engaging with the GDPR creates a lot of information – this report distils that information into relevant summaries of the key information required – it identifies your inbound and outbound data flows and includes each use of personal data, which data is included, your purpose for using it,  your chosen lawful basis, your retention period and where you send the data.
  • Gap Analysis – being able to see at a glance where the gaps are in your OFFICE system as a whole is critical to the smooth ongoing management of your GDPR responsibilities. Our Gap Analysis report enables you to see which assets need attention, which personnel need assigning and which personal data fields need attention.
  • Personal Data Locator – when a request for information comes into your organisation, you need to be able to move quickly to answer the request or question. The Personal Data Locator report will tell you where each type of personal data that your organisation processes is held or used. This could be on an asset or in a data flow. You can also choose to only find data that relates to children should you need to.


  •  Creation – One of the key responsibilities that your organisation has is to have up to date relevant policies and procedures. Each of our systems gives you bespoke documentation which includes a breach management policy and procedure, subject access request documentation, privacy policy and for CCTV a public notice document. All documentation is updated automatically as you use the system so you don’t have to worry about trawling through old paper documents to try and update them every year!
  • Upload – Of course you may have already spent lots of money on having your own documents written so we give you a place to store all of your relevant data protection documentation so that you don’t have to move the water cooler to find the policy you are looking for!

Unlimited Users

There are different people with different levels of access to personal data within your organisation. Some will need access to your OFFICE or CCTV GDPR System and others won’t even know it exists! We don’t want you to be hamstrung by this, so you have the opportunity to add unlimited users to enable you to demonstrate full transparency and accountability. You can even add outside suppliers to the system (IT company for example) so that they can populate the system with the information you pay them to know and then you can delete them afterwards.

Bespoke Management overview Facility

If your organisation has many different locations or departments it represents a data protection management nightmare. This system enables your DPO or organisations lead on data protection to access, view and report at a granular level on your organisation as a whole whilst being able to drill down to each site’s specific progress with their data protection responsibilities.

Want to know more? Give us a call or email us on Tel:01865 600 410 |