Remember the last time a company asked you for permission to hold your data? The chances are that it was because of the General Data Protection Regulation (GDPR). Even though the GDPR went into effect some years ago now, many companies are still coming to terms with its data handling requirements.
If you haven’t got time to read the whole post and came for the tools, here is our list of the best GDPR compliance software:
- SolarWinds Access Rights Manager (FREE TRIAL) The reporting engine of this access rights monitor will help you prove GDPR compliance.
- ManageEngine EventLog Analyzer (FREE TRIAL) This SIEM tool not only searches for security breaches, but it also confirms the ongoing security of sensitive data, making it great for demonstrating GDPR compliance.
- LogicGate A cloud-based risk compliance assessor that helps you keep within GDPR requirements.
- privIQ This is a compliance assessor that offers guidance on what system security weaknesses need to be fixed to comply with GDPR, LGPD, PDPA, POPIA and KVKK.
- Netwrix Auditor Perform risk assessment, identify sensitive data, and implement access rights controls with this attractive tool.
- Wired Relations A SaaS package of privacy management tools that supports compliance with GDPR.
- Really Simple Systems CRM system with a data collection consent feature. Available in free and paid versions.
- Vigilant Software GDPR Manager A system GDPR compliance assessor that includes a breach event logger.
- OneTrust A risk assessor that tracks privacy and compliance problems and the efforts to close them off.
The best GDPR compliance software
Before we look at the list, it's important to take note of the GDPR's main provisions:
- Companies require the consent of customers to process their data.
- Companies need to have a legitimate reason to hold data on their customers.
- Customers have the right to be forgotten (or the right to have their data destroyed).
- Companies must notify customers after a data breach.
- Certain companies must appoint a data protection officer to oversee GDPR compliance.
These provisions apply to any company that holds data on EU citizens. Complying with these privacy regulations can be tricky, but a management software platform can make the process much easier. There is a range of GDPR compliance software platforms that allow you to access data, manage policies, and view data handling processes through one interface (which is particularly useful when responding to data breaches).
What should you look for in GDPR compliance software?
We reviewed the market for GDPR compliance systems and analyzed the options based on the following criteria:
- A package that can provide compliance auditing
- A service that will prevent abuse of PII
- Controls over file activity
- Scanning for data movements
- Services that can also impose controls for other data privacy standards
- A free trial or demo version for a no-obligation assessment
- Value for money in a tool that also provides complete compliance coverage
We used these selection criteria as guidelines in our assessment of compliance tools while also looking for a mix of cloud-based and on-premises solutions.
1. SolarWinds Access Rights Manager (FREE TRIAL)
SolarWinds Access Rights Manager is a user access monitoring tool that can be used to demonstrate GDPR compliance. It monitors user access to personal data, and administrators can automate the provisioning and de-provisioning of user accounts to control who has access to sensitive information.
- Offers GDPR compliance in access controls
- Audits Active Directory
- Assists in AD management
- Unifies and standardizes the management of multiple AD instances
- Produces compliance reports
The platform scans user accounts and identifies insecure configurations that could be exploited by a bad actor. After identifying an insecure account, SolarWinds Access Rights Manager raises an alert so that a human operator can begin remediation. Alerts help you respond more effectively when customer data is at risk, which supports GDPR compliance.
To help you with auditing, SolarWinds Access Rights Manager provides reports. You can generate on-demand reports for Microsoft Exchange, SharePoint, permissions, and other assets to verify their safety. Having an audit trail helps show that your GDPR security controls are successfully protecting customer data.
- Can be used to quickly demonstrate GDPR compliance as well as adherence to other standards such as PCI-DSS and HIPAA
- Pre-configured reports make it easy to demonstrate compliance
- Any compliance issues are outlined after the scan and paired with remediation actions
- Sysadmins can customize access rights and controls in Windows and other applications
- In-depth platform designed for sysadmins, which may take time to fully learn
If you’re looking to monitor user access and satisfy GDPR reporting requirements then SolarWinds Access Rights Manager is very useful. SolarWinds Access Rights Manager starts at a price of $3,444 (£2,615). You can download the 30-day free trial.
2. ManageEngine EventLog Analyzer (FREE TRIAL)
ManageEngine EventLog Analyzer is a log analysis tool that can be used to comply with GDPR requirements. With ManageEngine EventLog Analyzer you can collect and analyze log data from across your network. Log management allows you to verify that the devices in your network are secure.
- System security monitoring
- Logs security measures for compliance
- Stores event logs for compliance auditing
There are also compliance audit reports to help you develop a record of risks. There are compliance reports for PCI DSS, FISMA, GLBA, SOX, HIPAA, and ISO 27001 that can also be used for the GDPR. These reports can be scheduled so that you review security risks periodically.
- Customizable dashboards that work great for network operation centers
- Multiple alert channels ensure teams are notified across SMS, email, or app integration
- Supports major compliance standards such as GDPR, PCI-DSS, FISMA, SOX, and HIPAA
- Supports file integrity monitoring that can act as an early warning system for ransomware, data theft, and permission access issues
- Forensic log audit features enable admins to create reports for legal cases or investigations
- Is part of a larger monitoring platform, so it takes time to fully explore the tool and its uses
There are three editions of ManageEngine EventLog Analyzer: Free Edition, Premium, and Distributed. The Free Edition supports up to five log sources with compliance reports free of charge. The Premium edition starts at $595 (£459.99) per year with support for 10-1000 log sources and log forensic analysis.
The Distributed edition starts at $2,495 (£1,928) with support for 50 to unlimited log sources and a distributed central-collector architecture. You can download a 30-day free trial.
3. LogicGate
LogicGate is a web-based automated risk compliance solution that satisfies many requirements of the GDPR. Through the LogicGate portal, customers can launch a Data Access Request, Data Correction Request, Data Portability Request, and Data Removal Request. You can use the platform to respond to access requests and make sure that you're not breaching the GDPR.
- A SaaS platform
- Risk assessment for GDPR
- Serves DSARs (Data Subject Access Requests)
In the event of a breach, you can use the breach response process to respond within 72 hours. There are automated alerts to notify the authorities when you’ve discovered a breach. Being able to identify and respond to breaches promptly makes sure that you’re doing everything necessary to protect customer privacy.
More generally you can use the Data Processing Activity Records module to outline how your company processes personal data. You can build an asset inventory, which shows the relationships between different systems so you know exactly what risk factors customer data is exposed to.
- Supports GDPR as well as other popular compliance standards
- Features a customer portal where third parties can make data requests in a secure and auditable way
- Automated alerts can keep teams informed of compliance issues as well as breaches
- A sysadmin can build their own asset inventories and apply custom permissions based on their needs
- Pricing is not transparent
- Must contact sales for a demo, no free download
To view a quote for LogicGate you will have to contact the company directly. The price will depend on the number of users, whether it’s a single application, where it’s deployed, and any additional features you wish to use. You can request a demo.
4. privIQ
privIQ is compliance software designed to help you comply with GDPR and 6 other data protection standards. The tool provides analysis capabilities to help you run compliance assessments and data protection impact assessments to satisfy GDPR requirements. You can record your data processing activities and use data mapping exercises to manage risk factors and data breaches.
- Maps compliance to GDPR, LGPD, PDPA, POPIA, and KVKK
- Offers compliance readiness task tracking
- Includes best practices guides
You can manage your GDPR compliance strategy through the dashboard. You can create users, assign tasks with due dates, and view these on the dashboard. You could create tasks that correspond to processing activities. Users also receive notifications when due dates are approaching to make sure that they complete their tasks. The dashboard helps your team stay on top of IT assets.
There are four versions of privIQ available to purchase: Professional, Business, Business +, and Enterprise. The Professional version costs $58.20 (£45) per month for up to nine employees with two users. The Business version costs $116.46 (£90) per month for 10-50 employees and two users.
- Offers out-of-box reporting for faster compliance results
- Comes in four pricing packages, making it suitable for businesses of any size
- Great visual reports and flow charts help map complicated permission structures
- Web client can lag at times
The Business + version costs £145 per month for 51-250 employees with five users. The Enterprise version supports 250+ employees and unlimited admins/users, but you need to request a quote.
5. Netwrix Auditor
Netwrix Auditor is an auditing compliance platform that helps you to identify and protect GDPR data. Netwrix Auditor allows you to pinpoint the location of GDPR data right down to individual files and folders. Finding these files helps you to know which data you need to protect and where to find it in case of an emergency.
- Discovery and classification of sensitive data
- Data access logging
- Access rights controls
You can also implement access rights controls to determine which users have permission to access individual files or folders. You can view reports that detail user access rights so you can see who has the necessary privileges to access what information, and whether permission was granted directly or on a group basis.
To monitor security risks, Netwrix Auditor has a risk assessment function. You can run a risk assessment to find vulnerabilities in your identity and access settings. For example, you can view a summary of privacy risks such as "user accounts with passwords not required" and "disabled computer accounts", each alongside a risk level.
- Easy to use interface
- Can automatically identify and map GDPR data
- Can edit permissions based on groups, individual users, or in bulk
- Risk level is calculated based on a number of variables detected during the scan
- Trial period could be longer
- Alerting needs improvement, more customization options
- Could use more self-help and guided training resources
If you’re looking for a tool to help you map out your data processing and identify potential vulnerabilities then Netwrix Auditor is worth investigating. However, you will have to request a quote from the company directly. You can download the 20-day free trial.
6. Wired Relations
Wired Relations is a cloud service that offers compliance tools for GDPR, ISO 27001 / 27701 and other privacy programs. This system has a number of useful modules, including an eDiscovery tool and a data classification module. It also has a third-party risk management service built in.
- SaaS platform
- Discovers and classifies sensitive data
- Data mapping
- Assesses third-party risk
The eDiscovery system reaches out to supplier hosts, so you can map your data no matter where it is located. The location of each datastore is clearly flagged. This service is automated and continuous, so when new data locations arise, the Wired Relations system spots them.
The third-party assessment module includes a data processing agreement management system. This also notes the location of each supplier, which is very important for GDPR. The tool also includes a processing documentation guide, so you know exactly what your obligations are under GDPR.
The data mapping makes it easy to present a Register of Processing Activities when an organization is asked to document compliance.
Moreover, the system has an easy-to-use Task Manager making it easy to collaborate throughout your organization. With the task manager, you can drag-and-drop to-dos and controls.
- Operates as a cloud-based service, no complicated onboarding or installs
- Can automatically identify and classify data on your network to help aid in GDPR compliance
- Simple yet informative interface gives you a clear overview of your compliance audit and current standing
- Can be set up for continuous scanning, which is great for long-term use
- Would like to see a longer, 30-day trial
The Wired Relations system is a subscription service with three editions. The Essentials Pro plan includes all of the tools that you need for compliance. The Pro edition adds controls management and a risk assessment module. The top plan, called Premium, has many more features, including data tagging. You can access a free demo.