United Kingdom
Select regional store:

GDPR Compliance Software Tools

Cyber risk and privacy management software tools from Vigilant Software

The EU GDPR (General Data Protection Regulation) requires organisations to implement appropriate technical and organisational measures to protect the personal data they process.

IT Governance’s sister company Vigilant Software has created a range of modular, Cloud-based software tools to help make your GDPR compliance journey easier.

Its integrable, Cloud-based software tools will help your ISO 27001 compliance journey.

Data Flow Mapping Tool

Article 30 of the EU GDPR requires data controllers and processors to maintain written records of their processing activities, and to make them available to the supervisory authority – the ICO (Information Commissioner’s Office) in the UK – on request.

The easiest way of determining your processing activities – including what data you process, why you process it, where you store it, how you transfer it and who you transfer it to – is to map your data flows and create a personal data inventory.

This will also save you valuable response time, especially when it comes to fulfilling your obligations in relation to data breach notifications and data subjects’ rights.

The process can be substantially streamlined with Vigilant Software’s Data Flow Mapping Tool.

Data flow maps created using the Data Flow Mapping Tool can be easily reviewed, edited and updated by multiple people as your organisation evolves.


With this tool you can:

  • Use the personal data inventory to log details of the personal data items involved in each process and generate an inventory of personal data;
  • Specify your lawful basis for processing, the types of personal data being processed and the categories of data subjects;
  • Generate a version-controlled data flow report that compiles information from your data flow map in an easy-to-read format to share with stakeholders; and
  • Update the process map and details whenever changes are made to the process.
  • The tool also features a simple toolbar to create and edit data maps, a user-friendly interface and a tutorial.

Learn more about the Data Flow Mapping Tool >>

DPIA Tool

A DPIA (data protection impact assessment) is a type of risk assessment that identifies the risks affecting the security of personal data and works out their likely repercussions.

Article 35 of the EU GDPR requires DPIAs to be carried out wherever a type of processing is likely to result in a high risk to data subjects’ rights and freedoms.


DPIAs are particularly required in the case of:

  • Systematic and extensive evaluation of natural persons based on automated processing and on which decisions are based that produce legal effects concerning natural persons;
  • Large-scale processing of special categories of data or personal data relating to criminal convictions and offences; and
  • Systematic monitoring of a publicly accessible area on a large scale.

A DPIA should contain at least:

  • A description of the processing operations and the purposes of the processing;
  • An assessment of the necessity and proportionality of the processing operations in relation to the purposes; and
  • An assessment of the risks to the rights and freedoms of data subjects, and the measures envisaged to address those risks.

The DPIA Tool simplifies and accelerates the whole DPIA process, and helps you meet this key GDPR requirement.


Use the DPIA Tool to:

  • Quickly determine whether you need to conduct a DPIA;
  • Conduct consistent, comprehensive DPIAs;
  • Identify risks and determine the likelihood of their occurrence and impact;
  • Easily review and update DPIAs when changes in processing activities occur; and
  • Easily share information with stakeholders and your supervisory authority.

Learn more about the DPIA Tool >>

GDPR Manager

GDPR Manager helps you manage some of the more arduous elements of GDPR compliance, such as recording and reporting data breaches, handling DSARs (data subject access requests) and determining whether third parties have suitable measures in place to protect personal data.


This four-in-one compliance tool comprises:

  • Gap Analysis module - Assess your level of compliance with BS 10012:2017 – the personal information management system standard aligned with the GDPR – and identify the actions you need to take to protect personal data in compliance with the GDPR.
  • DSAR (Data Subject Access Rights) module - Keep a record of all DSARs received and how they have been followed up.
  • Breach Report module - Record all data breaches and incidents affecting personal data, and streamline your data breach notification process.
  • Third Party Management module - Keep track of all third parties your organisation works with to process personal data – whether data controllers or processors.

Learn more about the GDPR Manager >>

This website uses cookies. View our cookie policy