Every tool a DPO needs.
Nothing they don't.

01

Data Flow Mapping

Department-by-department mapping of every personal data flow — what's collected, who accesses it, where it's stored, how it's disposed of, and which legal basis applies. Auto-generates your ROPA-ready inventory.

02

Records of Processing Activities

A structured, regulator-ready ROPA that satisfies DPA accountability obligations. Tracks processing purpose, data categories, legal basis, retention periods, and third-party processors — exportable as a Word document.

03

Breach Management

Captures incidents from first detection through resolution. Automatically starts the 72-hour notification clock (DPA s.26), guides severity assessment, tracks Commissioner notifications, and maintains a complete incident register.

04

Privacy & Risk Assessments Hub

Seven guided assessment tools in one hub — Organisational Privacy Audit, PIA/DPIA, AI Readiness, Vendor Risk (Tier 1–3), Data Security (6 domains), Transfer Impact Assessment, and Breach Readiness.

05

Consent & Legal Basis Register

Tracks every consent mechanism across the organisation — collection method, withdrawal process, expiry, and the full multi-select legal basis inventory required under ss.6–12 of the DPA. Single-select is a compliance error.

06

Policy & Document Generator

Generates Barbados-localised privacy policies, data sharing agreements, processor contracts, retention schedules, and subject rights notices — all as editable Word documents ready for client delivery.

07

Training & Awareness

Manages staff training sessions, tracks individual completions, schedules refreshers, and maintains a defensible training record across Barbados, Jamaica, and Grenada jurisdiction modules.

08

Data Subject Requests

Full workflow for access, erasure, correction, restriction, and objection requests. The 30-day deadline is triggered from identity verification date — not receipt — exactly as the DPA requires. No missed deadlines.

09

Audit & Evidence Log

A timestamped, immutable accountability trail of every compliance action taken across the platform. When a regulator requests evidence of due diligence, this is your answer. Exportable for immediate submission.

10

AI Readiness Assessment

Structured evaluation of an organisation's data governance posture before AI deployment. Assesses training data provenance, algorithmic transparency, bias risk, and regulatory exposure under emerging AI accountability frameworks.

11

Vendor Risk Management

Three-tier risk classification for every third-party processor and sub-processor. Tier 1–3 framework assesses data access scope, security posture, jurisdictional risk, and contractual compliance obligations under the DPA.