Methodology for privacy management program
User Guide
Collaborative digital GDPR compliance management process
Role based access management and underlying governance program
Electronic inventory of processings
Collaborative process & GDPR compliant processing sheets to be filled-in online
Automated assessments
Automated assessments of likelihood that processings will lead to high risks for data subjects, of security level of internally & externally managed IT resources (CNIL, ISO) + suggestion of TOM’s
To-do lists
Automatically generated lists of data processing agreements to be concluded, of DPIA’s to be created
Documentation depository
Documentation depository of legal bases, applicable data subjects rights, relevant agreements, etc.
Structured data & clauses
For generating data processing agreements, privacy notices, responding to data subjects & authorities
Automated compliance status & dashboard
To facilitate creation & maintenance of GDPR compliance roadmap
Privacy Management Policy
Other policies
Supporting GDPR compliance (information security, data retention, incident management, etc.)
Respect of data subjects rights
Legitimization & securization of data transfers
Respect of general principles
Set-up of inventory
Set-up of organization
Risk management of processings
Securization of assets & data
Management of information lifecycle
Legitimacy of processings
Transparency of processings
TPOmap offers you a collaborative platform to efficiently manage processing records, privacy governance, policies, risks, vendors & data subject rights. It is based on a smart mix of automatization, legal content & human support to minimize resources & costs for implementing all necessary GDPR compliance measures including privacy notices and processing agreements. Everything you need to be compliant and to stop worrying.
Whether you are the DPO of a large international company or working for a smaller structure, we have the perfect solution for you. Adapted to your needs and always focused on simplifying GDPR compliance, using our collaborative platform. We will always provide you with our TPOmap onboarding support, by telephone (or Teams…). You can ask your questions and we follow a detailed procedure to make sure we capture your needs and the way your company is operating.
And then it’s basically up to you – you want all the extras included? Like the Privacy management policy template, or the Controller processor agreement template? Or just the basics? Of course you can always start small and scale up whenever you need to.
Set-up - TPOmap onboarding support
Access to the 4 basic modules (record ; security measures; risks and contracts; legitimacy)
Privacy notice Template [1 language]
Privacy Management Policy Template [1 language]
Privacy notice HR Template [1 language].
Controller-processor agreement Template (art. 28 RGPD) [1 language].
Security Policy Template and Incident and Data Breach Management Policy Template [1 language]
Advisory support included
1 Full user
1h hour/month
2 Full users
1h hour/month
2 Full users
1h hour/month
2 Full users
1h hour/month
Set-up - TPOmap onboarding support
Access to the 4 basic modules (record ; security measures; risks and contracts; legitimacy)
1 Full user
Privacy notice Template [1 language]
Privacy Management Policy Template [1 language]
Privacy notice HR Template [1 language].
Controller-processor agreement Template (art. 28 RGPD) [1 language].
Security Policy Template and Incident and Data Breach Management Policy Template [1 language]
Advisory support included
1h hour/month
Set-up - TPOmap onboarding support
Access to the 4 basic modules (record ; security measures; risks and contracts; legitimacy)
2 Full users
Privacy notice Template [1 language]
Privacy Management Policy Template [1 language]
Privacy notice HR Template [1 language].
Controller-processor agreement Template (art. 28 RGPD) [1 language].
Security Policy Template and Incident and Data Breach Management Policy Template [1 language]
Advisory support included
1h hour/month
Set-up - TPOmap onboarding support
Access to the 4 basic modules (record ; security measures; risks and contracts; legitimacy)
2 Full users
Privacy notice Template [1 language]
Privacy Management Policy Template [1 language]
Privacy notice HR Template [1 language].
Controller-processor agreement Template (art. 28 RGPD) [1 language].
Security Policy Template and Incident and Data Breach Management Policy Template [1 language]
Advisory support included
1h hour/month
Set-up - TPOmap onboarding support
Access to the 4 basic modules (record ; security measures; risks and contracts; legitimacy)
2 Full users
Privacy notice Template [1 language]
Privacy Management Policy Template [1 language]
Privacy notice HR Template [1 language].
Controller-processor agreement Template (art. 28 RGPD) [1 language].
Security Policy Template and Incident and Data Breach Management Policy Template [1 language]
Advisory support included
1h hour/month
Interested in TPOmap?
Get a demo now !
On the 8th of December, find us at the House of Startups to host a conference on the Risks and Safeguards of our Data-driven world together with Legal Hackers !
In the era of digitalization, it is more important than ever to protect individuals’ personal data in a responsible way. Thanks to the General Data Protection Regulation (GDPR), it has become easy and accessible to all.
The GDPR defines a series of appropriate legal, technical, and organizational measures that organization have to implement in order to achieve a sufficient level of protection of the data they process about individuals. Although it was drafted and passed by the European Union, it imposes obligations onto organisations anywhere, as long as they target or provide products or services to people in the EU.
We believe that the best way to protect individuals is trough compliance with the GDPR. Together, we will work on bringing your organization’s data protection to the next level.
Certainty about your processing activities – Have the means to create an inventory of processing activities that is accurate, compliant with GDPR, easy to complete and easy to maintain, always up to date.
Clarity – You know exactly what you are responsible for.
Collaborative process that ensures that information comes to the DPO (he doesn’t need to search for it).
Data driven solution that will precisely tell you where you stand in terms of GDPR compliance.
Quality of data available to the DPO (centralized, structured & detailed information provided by knowledgeable individuals).
Efficiency – no double encoding of the same information – gain of time.
Relevance of available data – allows for efficient creation of fact-based processing agreements and privacy notices.
A range of documents / templates / processes ready to use (privacy management process & governance, privacy management policies & model clauses…).
One version of the truth – Overview – visualize all information about personal data related processing activities in one central place, structured in a way that is meaningful for all stakeholders involved in privacy by design (IT, legal, CISO, operations, DPO).
Benefit from a real time view on compliance status.
Privacy by design – all departments are invited to collaborate, use the same logic, and to adapt their processes before launching a new project.
TPOmap was founded by Sabine Mersch, a legal privacy professional accredited as Legal Expert by the European Privacy Seal (EuroPriSe) and as Certified Information Privacy Professional by the International Association of Privacy Professionals (IAPP). She is practicing in the data protection field since 2006. Her consulting firm ”The Privacy Office” (TPO) works as an external Data Protection Officer and provides small, medium and large companies in Europe with advice on compliance with data protection regulations. Prior to establishing her own firm, Sabine Mersch worked as a Corporate Attorney in the fields of Mergers & Acquisitions, Law and Compliance, for an international brewery group operating in Belgium and Germany. She began her professional career as a fully qualified attorney with the Brussels-based law firm Liedekerke, Wolters, Waelbroeck & Kirckpatrick, and as a research associate at the University of Constance.