GDPR SOLUTION

A 100 % all-around GDPR solution that sets your GDPR work on autopilot. Our software creates all necessary documents and makes sure you document all processes.

With ComplyCloud, you get an all-in-one GDPR solution which includes a fast and easy implementation, all necessary documents and processes and the ongoing control.  All of the legal documentation and content is created by ComplyCloud’s legal team and is covered by a professional attorney liability insurance.

GDPR løsning der laver automatiseret GDPR-dokumentation og kontrol

How to get started?

1

GDPR løsning automatiseret juridiske dokumenter

Send us the documents which you have already prepared

2

ComplyCloud's GDPR to do liste og analyse og rapportering til kontrol med databehandlere

We will implement the documents in the solution and prepare any missing documentation

3

GDPR løsning: ComplyCloud's GDPR årshjul med løbende kontroller

We set up a meeting with you to get you started, after which you just have to follow the solution’s instructions and the automated annual wheel.

Functions

MAPPING AND RECORDS OF PROCESSING ACTIVITITES

Every company must have a record of the company’s processing activities.

Implementation

At the implementation our legal team prepare the customer’s records of processing activities. We already have a large amount of data which makes us able to do the implementation without having to do long interviews with the customer.

In the record of processing activities our users can easily correct and add processing activities in order to keep the record updated and in consistency with the company’s current processing of personal data.

A full overview

The records of processing activities are saved in one place in order for the user to have a full overview of all chapters of the records. The records of processing activities can easily be printed if the company is asked to present documentation to either The Danish Data Protection Agency or customers/data controllers.

You can read the Danish Data Protection Agency’s guidelines on records of processing activities here (in Danish).


COMPLETE PACKAGE OF DOCUMENTS

Our software creates the legal documentation which are based on the users’ answers to the questions in our questionnaires. All documents that are necessary for a company to have in order to comply with the data protection legislation are possible to prepare in our solution.

As a customer, you always have access to all of ComplyCloud’s documents (policies, data processing agreements, security descriptions etc.) and our legal team prepares all necessary legal documents at the implementation.

From questionnaire to a document

All our documents are created by the users’ answer to questions in questionnaires. Legal business logic has been incorporated into our solution in order for the algorithms to make the difficult decisions on the law while the user just needs to concern about the practical handling of personal data when answering the questionnaires.

Next, legal documents are available to the user as if it was a physical lawyer who had made them – ready to use. The content of the documents is covered by our professional attorney liability insurance.

ONGOING COMPLIANCE AND CONTROL

As a company and data controller you must be able to demonstrate that the company meets the requirements of the GDPR and carries out ongoing control of the company and its data processors.

Automated GDPR annual wheel

The ongoing control is ensured through an automated GDPR annual wheel which automatically sends out monthly reminders.

All of the controls are made by answering questions in questionnaires whereupon documentation is automatically made with an illustration of any gaps.

The system sends out 37 controls annually which together cover over 500 controls. Each control takes on average ½ – 1 hour to complete which saves the user a significant administrative time. All controls are made from the ISAE 3000 statement of insurance and its requirements for ongoing controls.

To-do list

When it is time to carry out a control, the control is automatically added to the user’s to-do list and a notification is send to the user’s email. The to-do list automatically updates itself and makes sure to keep you GDPR compliant if you follow the list’s instructions.

REQUESTS FOR INFORMATION, ERASURE ETC.

The persons whom the company processes personal data about have the right to request a copy of their personal data, to withdraw their consent to a specific processing of personal data and to have their personal data erased under specific circumstances.

With ComplyCloud it is easy to prepare a correct reply to such requests in order for the requests to be replied to in a timely and correct manner.

DATA BREACH

If the company experiences a personal data breach you are obligated to document the breach and the likely consequences hereof. In addition to this you might be obligated to notify the personal data breach to the supervisory authority and the persons affected by the breach.

Easy registration and reporting of a personal data breach

With ComplyCloud it is easy to register a personal data breach, to carry out ongoing registration and reporting and to provide documentation the Danish Data Protection Agency if necessary.

CONTROL WITH DATA PROCESSORS

When using data processors in the processing of personal data it is a legal requirement that controls with these data processors and their sub data processors are carried out.

Controls can be carried out either by an information gathering, by obtaining audit statements or by carrying out own audits. ComplyCloud supports all these types of controls.

Send out questionnaires to the data processor

With ComplyCloud you can easily carry out a control by an information gathering by sending out control objectives and questions to the used data processors. Our control objectives and questions give a complete overview of the data processor’s compliance with all control objectives set out in the ISAE 3000. After carrying out a control you will get a report with an illustration of the data processor’s gaps on which you can act.

If desired, ComplyCloud’s legal team can assist you with the control of data processors.

Read more about control with data processors here (in Danish).

ISAE 3000 REPORT

The ISAE 3000 is a statement of insurance which is used to document compliance with the GDPR.

Don’t need an accountant?

With ComplyCloud it is possible to prepare a statement which maps and explains how you, as a company, comply with all control objectives of the ISAE 3000.

The statement is typically used by companies who want to signal credibility and security to any stakeholders by demonstrating the company’s compliance with the GDPR.

Need an accountant?

Some companies are required to be able to present a statement of insurance which has been prepared by an auditor. If this is the case for you, it is possible to prepare the preparatory documentation with ComplyCloud. When the documentation has been made it can be sent out to an auditor who, on top on the documentation from ComplyCloud, can prepare the final statement of insurance. By using ComplyCloud the mapping and documentation will typically result in saving of 25-50 % on the overall audit cost.

Contact us to hear more.

DIGITAL SIGNATURE

It is possible to obtain approved and signed documents and data processing agreements digitally with NemID or e-signature.

All customers have included a number of signatures in their license.

DPO REPORTING

The GDPR requires a certain group of companies and organizations to appoint a Data Protection Officer (DPO) whose role is to carry out an impartial and independent role in terms of data protection.

Easy documentation and processes

We have prepared the documentation and processes to be used by a DPO in ComplyCloud. The rules on independence and reporting of a DPO are incorporated in our GDPR tool so that a DPO can see all created and uploaded documents, but only create the reports and controls which a DPO must create.

How does ComplyCloud work?

1

Implementation

Our legal team reviews the company’s existing GDPR documentation and implement the documentation into the system. Missing or non-existent documentation (data processing agreements, policies, instructions etc.) is also prepared by ComplyCloud’s team in this proces. 

2

Getting started at the platform

When ComplyCloud is done with the implementation, we arrange a meeting where the customer gets onboarded on the platform. All customers receive personalized guidance on the use of ComplyCloud and on the ongoing operations.

3

To do-list

All users have access to a customer-specific to-do list which updates itself and shows if something needs to be done to remain GDPR compliant. After onboarding the customer simply must follow the to-do list to ensure documentation of the ongoing controls. 

4

Automated annual wheel

The customer follows an automated annual wheel which ensures ongoing control of compliance with the GDPR. Our annual wheel covers over 500 statutory controls and such controls are automatically sent to the users’ to-do lists. Although it sounds time-consuming, our software has made sure that it will only take the customer 1-3 hours per month to carry out the control and to obtain documentation on all necessary processes. To our customers, this has typically meant a timesaving on approximately 80 %. 

5

Legal support

Our legal team is ready to help with any legal questions you may have. All customers have tickets for online legal support included in their license. 

Get an offer

You are welcome to contact us if you have questions regarding prices or software. 

Send mail