Full GDPR Compliance Tracking

To maintain GDPR compliance

The GDPR Tracker will guide you through the following:

The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.

The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.

Personal data that has been pseudonymised – eg key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.

The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.

The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.

Personal data that has been pseudonymised – eg key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.

The GDPR refers to sensitive personal data as “special categories of personal data” (see Article 9).

The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual.

Ensuring your business is aware of the GDPR
You must have a valid lawful basis in order to process personal data.
Consent: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
Guidance on the required privacy policy notices.
Guidance on the required internal policies and procedures.
Whenever a controller uses a processor it needs to have a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities.
An understand of who and where your data is stored.
Understanding and documenting the need to keep personal data and how long for.
Data subjects will have rights to access their personal data. For example the right to rectification and the right to erasure.
A Subject Access Request (SAR) is a request for personal information that your organisation may hold about an individual. If an individual wishes to exercise their subject access right, the request must be made in writing.
Ensuring data subjects get their personal data in a structured, commonly used and machine readable format.
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay.

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Individuals have the right to object to:

  • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
  • direct marketing (including profiling); and
  • processing for purposes of scientific/historical research and statistics.
Data Profiling is “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements”.
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
To ensure you are holding the right about of data.
Personal data shall be accurate and, where necessary, kept up to date.
Individuals have a right to ‘block’ or suppress processing of personal data.
Privacy by design is an approach to projects that promotes privacy and data protection compliance from the start
A review of how your business manages electronic and manual records.
A review to see who within your business is responsible for GDPR compliance and ongoing measures.
The GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.

If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.
You should ensure you have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority and the affected individuals.
You must also keep a record of any personal data breaches, regardless of whether you are required to notify.

Data protection impact assessments (DPIAs) help organisations to identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy.

DPIAs can be an integral part of taking a privacy by design approach.

The GDPR sets out the circumstances in which a DPIA must be carried out.

A policy detailing your data security procedures.
The GDPR imposes restrictions on the transfer of personal data outside the European Union, to third countries or international organisations.

These restrictions are in place to ensure that the level of protection of individuals afforded by the GDPR is not undermined.

An understanding of how the wider organisation is setup and how personal data is managed in each state.

GDPR Templates & Policies Included

We have a selection of ready to use GDPR templates and policies to show how your small business is GDPR complaint.

  • Website Terms & Conditions
  • Privacy Policy
  • Cookies Policy
  • Data Retention Policy
  • Data Protection Policy
  • IT Security Policy
  • And more..



GDPR Compliance Report

Once you’ve put all the correct measures in place and documented through the GDPR Tracker, you’ll be able to download a report detailing the steps taken if a request were made asking what steps were taken or if an issue were to arise.

Keep this up to date and you’ll be able to provide a real time update on your GDPR compliance to anyone that requests it.

Stay GDPR Compliant

Specific tasks to manage ongoing GDPR compliance.


Create tasks with your own dates and reminders to manage ongoing GDPR compliance.

Full audit trail available on tasks completed.

Suggested tasks are also available to help manage ongoing GDPR compliance including updates on the GDPR regulation.

Unlimited GDPR Support

All GDPR Tracker users will have access to our GDPR Support Facebook Group (Closed) where you can get support from our GDPR consultants.

Features in the Pipline

  • SAR Management
  • DPIA Management
  • Breach Management

Whitelabel Available

Provide your clients with a white label, self-service tool based on the GDPR Tracker. Get in touch for more information on the GDPR Tracker

Manage GDPR Compliance Today

Don’t just take our word for it. Trustpilot users rate GDPR Tracker over 4 out of 5. See our Trustpilot reviews.