Skip to content

Data protection compliance doesn’t need to be a costly, complex burden.​

PrivIQ’s intuitive workflow and user-friendly task management software reduces the time and cost of compliance.​



The dashboard gives you an immediate overview of the risks, status and responsible stakeholder for every compliance item.​



A collaborative tool​

One person can’t achieve compliance. You need collaboration tools for efficient teamwork.

Assign Tasks​

PrivIQ enables you to assign tasks and monitor your team’s achievement

Share Documents

The documents you upload to PrivIQ are accessible to your team for remote comment and sharing

Be Notified

PrivIQ notifies you when a deadline is approaching or a task is complete​


PrivIQ enables you to​

Monitor and manage your risks centrally

Track progress and record actions

Document risk mitigations


Summary of PrivIQ’s main features​

Subject Access Requests​

Respond to SARs by assigning responsibilities, tracking progress and documenting risk profiles.
  • Use secure forms to standardise incoming SARs
  • Manage your SAR response workflow
  • Use the system to locate personal data

Data Protection Impact Assessments

Identify the data protection risks of a project, assess your need to complete a DPIA and document the process if you do.
  • Use the step-by-step wizard to create a DPIA
  • Use the collaborative workflow to gather input from all stakeholders
  • Fine-tune the assessment using the guide to potential risks and mitigations

Data Breaches

Record and assess the severity of a breach, and follow actions to mitigate similar incidents.
  • Use workflows to manage incidents
  • Keep a register of incidents and responses
  • Receive guidelines to report to supervisory authorities and inform impacted data subjects

Governance Documentation

Store all your policies and notices in one central location.
  • Make use of provided policy and notice templates

Third Party Processing and Data Sharing

Upload, centralise and monitor your data processing contracts and agreements with third parties and controllers.
  • Keep an audit trail of your data processing contracts
  • Receive alerts when data processing contracts are up for renewal
  • Track which personal data you're sharing with which third parties
Third parties

Data Mapping

Record the types of data you’re collecting and where they’re being processed.
  • Simplify your data mapping process
  • Understand your data flow with visualisation tools
  • Visualisation tools to simplify understanding.
Data Mapping


Activate the reporting you require to show the status of all your data processing activities and risk assessments.
  • Automatically record your processing activities
  • Customise your assessment reports on all aspects of compliance
  • Quickly monitor your compliance status via the dashboard

Employee Training

Record your efforts to train staff in data protection.
  • Automatically send compliance policies to all staff members
  • Keep an audit trail of receipt and acknowledgement
Employee Training

Data Protection Officers

Identify the responsibilities of a DPO and establish if you need one or not.
  • Understand the role of the DPO
  • Define your DPO needs


Manage personal data breaches

Manage data breach incidents

The high incidence of data breaches means that avoiding a personal data breach is no longer enough. PrivIQ enables you to prepare for data breaches by having a system in place to manage your response to them, from assessing and documenting to reporting them within the stipulated 72 hours of becoming aware.
  • Manage your responses to personal data breaches
  • Report personal data breaches to the authorities
  • Protect your organisation from the risk of a bad reputation
Definition of a data breach​

A data breach is a security incident involving unauthorised access to sensitive, protected or confidential data, either intentionally or unintentionally.

Report it or not? Don't follow Google's example​

After suffering a data breach, Google was forced to shut down Google+. The firm only announced the breach several months after it happened.


Simplify data mapping

Know where your data is going inside

Data mapping is an essential preparation for data regulation compliance.

PrivIQ’s data mapping tool enables small and medium-sized organisations to see how data flows through their systems. It documents the relationships between data controllers and data processors so you can provide current records of your data processing activities, as required by Article 30 of the GDPR.
  • Generate an audit of your data processing activities
  • Understand and manage your data protection risks
  • Respond to data subject access rights and requests
Data Mapping 2
Data Mapping
What is Data Mapping?

Data mapping is the process of finding and classifying data so that it can be managed and protected, especially in relation to data protection laws.

Update your processes

Mapping you data flow is crucial, but when a new vendor or provider is coming into play, you have to add it to the data mapping process.


Data protection impact assessments

Achieve data protection by design

Organisations need to assess any personal data processing that might result in high risk to individuals. Even if you don’t need to undergo a full DPIA, you have to document the screening questionnaire that leads you to that conclusion. Our approach ensures you record your processing details and document the risks and mitigation activities you’ve put in place.
  • Pre-defined screening and purpose questionnaires
  • Wizard to justify processing and document protection of individual’s rights
  • Workflows to receive feedback from stakeholders and manage the approval process
  • Automation rules to analyse risks and record mitigation records
  • Easily run reports for stakeholders and regulators
What is a DPIA?

A data protection impact assessment is a process to systematically identify and reduce the risks related to personal data processing. The DPIA documentation is a blueprint that can be used by the organisation to implement data protection by design on those processing activities.

Article 35 of the GDPR

Article 35 of the GDPR requires that you undertake a Data Protection Impact Assessment (DPIA) for all high risk processing. A DPIA is a means of documenting the measures you’ve put in place to achieve compliance. You should have completed the DPIA prior to undertaking the processing.


Simplify subject access requests(SAR)

Easy to use templates and procedures

Our SAR tool alerts you when a new subject access request comes in, and reminds you to respond so you don’t miss the regulated response deadline.

We provide you with:
  • A pre-built brandable form you can link to from any website or application
  • Real-time alerts and reminders
  • A case management system that records and stores your SAR responses in one location
  • The option to add written and verbal requests manually
  • Multilingual forms
  • Workflows to ensure you validate and respond before deadlines
What is a Subject Access Request?​

A subject access request is a request made by a data subject for the information that your organisation holds about them. Data subjects have the right to receive this information without charge and within 30 days.

Article 15 of the GDPR

Article 15 of the GDPR states that data subjects have the right to find out how controllers are using their personal information. Data subjects also have to right to ask controllers to stop using their information or erase it altogether.