Software for GDPR compliance

GDPR compliance software tools from Vigilant Software

The EU General Data Protection Regulation (GDPR) requires organisations to implement appropriate technical and organisational measures to protect the personal data they process.

IT Governance’s sister company Vigilant Software has created a range of modular, Cloud-based GDPR software tools to help make your compliance journey easier.

Its integrable, Cloud-based GDPR software solutions will help you ensure compliance.

UK data protection law is currently being revised. We are following the progress of the Data Protection and Digital Information (No.2) Bill through parliament and will keep you updated on how it might affect your data processing obligations.

Data Flow Mapping Tool

Article 30 of the EU GDPR requires data controllers and processors to maintain written records of their processing activities and make them available to the supervisory authority – the ICO (Information Commissioner’s Office) in the UK – on request.

The easiest way of determining your processing activities is to map your data flows and create a personal data inventory.

Data flow mapping will also save valuable response time, particularly when fulfilling your obligations with data breach notifications and data subjects’ rights.

You can streamline the data flow mapping process with Vigilant Software’s Data Flow Mapping Tool.

Data flow maps created using the Data Flow Mapping Tool can be quickly reviewed, edited and updated by multiple people as your organisation evolves.

With this GDPR tool, you can:

  • Use the personal data inventory to log details of the personal data items involved in each process and generate an inventory of personal data;
  • Specify your lawful basis for processing, the types of personal data being processed and the categories of data subjects;
  • Generate a version-controlled data flow report that compiles information from your data flow map in an easy-to-read format to share with stakeholders; and
  • Update the process map and details whenever changes are made to the process.
  • The tool also features a simple toolbar to create and edit data maps, a user-friendly interface and a tutorial.

The tool also features a simple toolbar to create and edit data maps, a user-friendly interface and a tutorial.

Learn more about the Data Flow Mapping Tool


A DPIA (data protection impact assessment) is a type of risk assessment that identifies the risks affecting the security of personal data and works out their likely repercussions.

Article 35 of the EU GDPR requires DPIAs to be carried out wherever a type of processing is likely to result in a high risk to data subjects’ rights and freedoms.

DPIAs are mainly required in the case of:

  • Systematic and extensive evaluation of natural persons based on automated processing and on which decisions are based that produce legal effects concerning natural persons;
  • Large-scale processing of special categories of data or personal data relating to criminal convictions and offences; and
  • Systematic monitoring of a publicly accessible area on a large scale.

A DPIA should contain at least:

  • A description of the processing operations and the purposes of the processing;
  • An assessment of the necessity and proportionality of the processing operations in relation to the purposes; and
  • An evaluation of the risks to the rights and freedoms of data subjects and the measures envisaged to address those risks.

The DPIA Tool simplifies and accelerates the whole DPIA process and helps you meet this essential GDPR requirement.

Use the DPIA Tool to:

  • Quickly determine whether you need to conduct a DPIA;
  • Conduct consistent, comprehensive DPIAs;
  • Identify risks and determine the likelihood of their occurrence and impact;
  • Quickly review and update DPIAs when changes in processing activities occur; and
  • Easily share information with stakeholders and your supervisory authority.

Learn more about the DPIA Tool

GDPR Manager

GDPR Manager is a GDPR management tool that helps you manage some of the more arduous elements of GDPR compliance, such as recording and reporting data breaches, handling DSARs (data subject access requests) and determining whether third parties have suitable measures in place to protect personal data.

This four-in-one GDPR management software comprises:

  • Gap Analysis module – Assess your level of compliance with BS 10012:2017 – the personal information management system standard aligned with the GDPR – and identify the actions you need to take to protect personal data in compliance with the GDPR.
  • DSAR module – Keep a record of all DSARs received and how they have been followed up.
  • Breach Report module – Record all data breaches and incidents affecting personal data and streamline your data breach notification process.
  • Third-Party Management module – Keep track of all third parties your organisation works with to process personal data – whether data controllers or processors.

Learn more about the GDPR Manager


The Data Flow Mapping Tool, DPIA Tool and GDPR Manager are all available on the CyberComply platform – a Cloud-based compliance management software solution that gives you total control over your cyber risk and data privacy management monitoring and compliance in one place.

The platform has been designed to:

  • Be scalable to address evolving and increasing threats;
  • Facilitate repeatable risk assessments;
  • Help you make consistent decisions based on fact rather than interpretation;
  • Be maintainable for multiple stakeholders across your organisation; and
  • Be quick and cost-effective, with everything you need in one place for governance, risk management and compliance.

Learn more about CyberComply

SAVE 25%