GDPRoofed data privacy management software

Handle all your GDPR-related information and registries in one centralized software solution

Our system helps organisations keep up-to-date information about the data they collect from individuals. You can use our software to comply with the new EU General Data Protection Regulation (GDPR). You can build the registry manually, or the system can be integrated with operational systems. We don't store any personal data, just meta-information.

What is GDPR?

What does it mean to your company? Why should you get prepared? Who does the GDPR affect?

The GDPR applies to all organisations and companies that process and store personal data of data subjects in the European Union.

The GDPR is a regulation that will come into force on the 25th of May 2018.

The aim of the GDPR is to protect and strengthen customers' data privacy, with the focus on the customer. It has an impact on your business if your company handles any of the following data of its customers:

  • Name
  • Address
  • Location
  • Online identifier
  • Health data
  • Income
  • Cultural Profile
  • National Identity
  • Religious affiliation

The GDPR introduces new requirements and tightens the existing ones regarding personal data handling and storage processes.

The fine for non-compliance with the GDPR can amount to:

  • up to 4% of annual global turnover or
  • €20 Million (whichever is greater)



GDPR is the General Data Protection Regulation published by the European Union effective as of 25 May 2018. The regulation is basically about the processing, protection and free movement of personal data related to natural persons.
GDPR aims to ensure the protection of personal data and privacy and it focuses on natural persons and their data.

The key principles of GDPR related to the processing of personal data are as follows:

• Lawfulness, fairness and transparency: that is, personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
• Purpose limitation: personal data shall be collected for specified purposes.
• Data minimisation: personal data shall be stored to an extent limited to what is necessary.
• Accuracy: the processed data shall be accurate and complete.
• Storage limitation: personal data shall be kept for no longer than is necessary for the purposes for which they are processed.
• Integrity and confidentiality: personal data shall be protected using appropriate technical or organisational measures.

The principle of accountability is closely related to the above: the controller shall be responsible for, and be able to demonstrate compliance with, the above principles.





Data map and records of processing activities

We have a three-level data map module. A key component of any GDPR filing system is an up-to-date Data Map. The Data Map of GDPRoofed shows the personal data stored by the company, specifying the storage system, the ID and the purpose of storing them. The software also keeps records of processing activities. A well-structured filing system identifies which data of which systems are involved in profiling, or disclosed to a third-party country or organization, and even specifies the duration of data retention.
To prevent additional security risks, the Data Map stores only external system IDs rather than personal data.
The Data Map can be filled in manually, but to have an up-to-date filing system, GDPRoofed needs to be integrated with the systems storing personal data. Such integration is supported by standard (REST API) interfaces or automatic CSV import developed for the system.

Right requests records

GDPRoofed can keep records of every occasion on which a natural person asks to exercise their right of control over their personal data. Each such request is stored together with its status, so the filing system shows which requests have been completed and which are still in progress.
The right requests are stored together with the external ID of the person who made them. If an action is taken (e.g. data deletion is initiated), it can always be verified whether the personal data with the given ID have actually been deleted from the affected systems.

Incident management

The GDPRoofed application provides a feature linked to the Data Map to keep records of incidents. As a result, you can always identify which personal data of which ID and which system are affected by an incident. Data protection incidents can also be transmitted to the Data Protection Authority (automatically or manually).
The feature storing the records of data protection incidents can be integrated with the company’s existing workflow system to fully automate the management of several incidents.

Data transfer records

The Data Controller is responsible for its data processors. To support this, GDPRoofed can keep records of data processor contracts and of the specific data transfers related to such contracts, including the specific subject IDs and the affected data map fields. The filing system makes it easy to identify the time of a transfer to a data processor, the type of data transmitted and the recipient. Data processor contracts can be entered manually or automatically using the standard interfaces provided by the application.

Data Privacy Impact Assessment (DPIA)

GDPRoofed supports privacy impact assessment using the CNIL methodology. The application navigates project managers through the steps of privacy impact assessment based on the guidance of CNIL methodology and produces a detailed Data Privacy Impact Assessment (DPIA) report at the end of the process.


The function can be used to anonymize typical personal data in databases.

Dataflow graph

The Dataflow graph of GDPRoofed gives a visual representation of data movements within the organization. A properly used Dataflow graph recording all data movements maintains the transparency of data assets and helps identify unnecessary data movements and data duplications within the company.

AD integration (LDAP)

Authorization can be integrated with any LDAP/Active Directory solution.

We don’t store any specific personal data

The software never stores any specific personal data. It stores only meta-information about them.


Standard and ad-hoc reports support effective business decisions.

Data discovery

The Data discovery module of GDPRoofed is capable of scanning data sets at a database level and recognizing database tables and columns that contain personal data. Based on the result of the scan, a report is generated that can be used for creating a personal data map after expert validation.

Automatic Data Deletion

The Automatic Data Deletion module of GDPRoofed manages the issue of deleting data from archive systems. Using this feature, you can delete data at any time, after one-off preliminary processing in the archives, even without accessing the archives.



Data asset assessment

Software as a Service/On-premise

GDPR legal counselling

Automated data discovery

Unique Request

Pricing Tables


Data map

Data right request

Incident management




Integration (REST API, CSV)

Excel import


On-premise data storage option

Number of systems

Number of file- or paper-based registries (tabular, Excel, paper)

Number of data subjects

Number of users

Small Business

1999 EUR + VAT yearly

Max. 10

Max. 20

Max. 100 000



6099 EUR + VAT yearly






13599 EUR + VAT yearly

Max. 25

Max. 20

Max. 500 000



Call us





Avoid the penalties and profit from the regulation

By introducing this system you not only comply with the GDPR requirements but you also have an up-to-date picture of your data asset. 


Java, Oracle/PostgreSQL/MSSQL, Webservice, REST API, Wildfly, JPA


On-premise projects

We are already implementing some on-premise projects with our software. Our product is evolving all the time right now to…

Cloud services, SaaS

We are proud to announce our software as a service solution. From now you can use our GDPR data privacy…

Live demos

We have started the technical demonstration of our software to our customers. So far our solution has received positive feedback.…


DSS Consulting Kft.

+36-1 345 0900
Head office

1113 Budapest, Nagyszolos str.11-15
Phone: +36 1 345 0900
Fax: +36 1 345 0909

Our office in Pecs:
7630 Pecs, Finn str. 1/1