System of Record Services for GDPR

The Northdoor solution helps you capture and organise information for reporting and compliance with Data Protection Regulations

Are you ready to get in touch?

  • 0207 448 8500
Request a Call back

Simplify and accelerate GDPR and DPA documentation

Northdoor GDPR System of Record helps businesses capture and organise information for reporting and compliance with the EU’s General Data Protection Regulation, and with related regulations such as the UK’s Data Protection Act 2018.

  • Catalogue personal-data processes at the right level of detail
  • Capture process information and add information on GDPR requirements
  • Generate Article 30-compliant audit reports on demand
  • Run lightweight PIA risk assessments across all processes
  • Provide a measured risk-based approach and documentation for DPIA assessments.

When gathering, organising and managing information relevant to the General Data Protection Regulation (GDPR), it can be hard to know where to begin. Data collection tends to start with either the source data or the reported output from a data flow. In both cases, the result is usually unmanageably large volumes of data.

A cost-effective approach

A better approach is to focus on the processes around personal data, as the GDPR is primarily concerned with those processes and how they impact the Data Subject.  While there are a few solutions on the market that claim to provide a system of record keeping for GDPR-related processes, they tend to be costly, inflexible and based on proprietary software.

For businesses seeking a simpler, faster and more cost-effective approach, Northdoor has drawn on its 30-year experience of managing business-critical data in highly regulated industries to create an adaptable toolset built on standard Microsoft Office software.

Simplify and accelerate compliance

The Northdoor GDPR System of Record combines custom software, templates, training, ongoing development and support in a single service. Proven in field deployments for major global businesses, the Northdoor solution simplifies and accelerates the maintenance of statutory documentation around the GDPR (and other regulations such as the UK DPA 2018).

In addition to improving the quality of information—reducing the risk of non-compliance, with its significant financial penalties—the Northdoor solution saves time and effort. Freed from the burden of data gathering and management, key employees can instead focus on value-add activities, without jeopardising GDPR compliance.

The Northdoor GDPR System of Record

Process catalogue

The solution provides an Excel-based tool for creating a catalogue of personal-data processes within the scope of the GDPR. By helping businesses to capture the right level of detail—enough to ensure compliance without requiring excessive administration—the Northdoor solution provides a robust starting point for addressing Article 30 of the GDPR. Process descriptions can be captured graphically or using text annotation.

Process capture

A second Excel-based tool enables the population of process descriptions with additional GDPR requirements—for example, to record the legal basis for capturing personal data. Each catalogued process will have its own compliant document.

Article 30 reporting

Once all personal-data processes have been catalogued, documented and mapped to personal-data elements, the solution can provide organisation-wide reporting to meet the requirements of Article 30—Records of Processing Activities—of the GDPR.

Lightweight risk assessment

The Northdoor solution includes a threshold reporting tool that collates basic risk scores for each documented process. The Data Protection Officer can then use 13 questions based on UK statutory guidelines to generate an adjusted risk score. Compliant with the GDPR requirement for Privacy by Design, this tool helps businesses determine whether a full DPIA (Data Protection Impact Assessment) is required. As DPIAs become permanent documents requiring periodic review, businesses should not create them indiscriminately.

Data Protection Impact Assessment

The Northdoor solution includes templates for setting up and managing DPIAs over their full lifecycle. Scoring and assessments are collated into a control document that helps decision makers understand the identified risks so that they can set up remediation plans.


  • The Northdoor solution minimises the time and effort required to manage records of GDPR-related processes.
  • Particularly for smaller organisations, it helps reduce risk while freeing up valued employees to focus on more profitable activities.
  • By documenting findings in a clear and structured manner, the solution creates transparency for both GDPR auditors and the business.
  • Backed by expert support from Northdoor, the solution includes all the necessary training as well as ongoing development and customisation.

For more information, please contact us. Alternatively please download our service brochure:

Download our System of Record for GDPR service brochure

Read our System of Record for GDPR articles

Interested in seeing our GDPR System of Record services in action?

Request a demo or contact sales on: 0207 448 8500

Request a demo

Our Awards & Accreditations