ProvePrivacy Logo | Blue Green

Back to home


Manage your ROPA to identify data protection risks, maintain policies and procedures and provide colleagues with e-learning materials, from one single platform.

Record of Processing Activities

The Record of Processing Activities (ROPA) is a requirement of most organisations, as defined in article 30 of the GDPR.  Even if not required by law the ROPA forms the baseline for data protection compliance, allowing an organisation to evidence where personal data is used and identify data usage risk.

By establishing a small network of data champions within your organisation you can determine where data is processed.  This allows your Data Protection Officer (DPO) or equivalent, to obtain a holistic view and demonstrate compliance.

The ROPA can be updated through our Activity Workflow, allowing your Data Champions to update it through workshops, one to ones or lone assessments.  

As information is added to the ROPA risks are identified and added to your risk log.  Through screen tips and dynamic questions, ProvePrivacy provides user feedback throughout.  Assisted assessments inform action plans and provide guidance on whether an activity should be referred to the DPO.

Identify where your risks are at a glance and determine which department, supplier or activity requires further remediation. Use the systems recommendations to define next steps.

The data sharing assessment allows you to understand where personal data is shared with your suppliers.  It enables you to assess the compliance of your contracts, demonstrate that your data remains secure and store supplier documentation alongside supplier assessments.

The Data Management assessment allows you to identify where data is stored in your organisation both whilst it is ‘in use’ and ‘in retention’, informing your data retention periods and rationale.

It is one thing having a Data Protection Impact Assessment (DPIA) template, but when do you need to complete it?  Our high risk assessment uses the information that you have entered about an activity to highlight when a DPIA is needed, it then walks you through the process of assessing the risk.

Why use ProvePrivacy to manage personal data and privacy risks?

ProvePrivacy has been designed by data protection consultants, who have focused on two key principles;
– Build a simple solution, so that none data protection experts can use it; and
– Ensure that data protection risks are captured and addressed
This enables your organisation to manage compliance simply and effectively.
Data Breach Management | ProvePrivacy

Risk Management

One clear advantage of ProvePrivacy is the ability to manage risks identified in different areas of the business.  From data breaches to data subjects rights requests and the ROPA, all risks can be identified and logged.


The risk module is the central place for all risks allowing them to be assessed, graded and action plans put in place. 

As it learns more about your organisation ProvePrivacy naturally identifies risks and allows you to manage them through our Risk Management module. By also adding your own risks as you identify them a single place to monitor your data protection risks is created.

Each risk can hold its own mitigation plan which includes any number of actions.  Action planning allows you to allocate individual actions to staff and monitor their completion, providing a single viewpoint of progress.

Data Policy | ProvePrivacy

Policy Management

Our policy module allows each document owner to add policy, procedure or standard forms to ProvePrivacy. Any policy can be added for any department (these are not restricted to data protection policies) and once added will be assigned to the appropriate staff to be read.


ProvePrivacy maintains a record of who has read and understood each document,  and provides annual reminders to the document owner is reminded to review and re-issue policies. 


This demonstrates that colleagues understand policy at regular intervals.

Policy Management enables the management of all company policies (not just those relating to data protection). It provides evidence that all of the required staff have ‘read and understood’ the policies on an annual basis.  In addition it ensures the document owners regularly review and update policies to keep them current.

When adding and putting a document live the owner is asked to provide a document review date. This is then used to issue a reminder to ensure that all policies are regularly reviewed and remain in line with regulatory changes. Once reviewed all appropriate colleagues will need to re-read the revised policy.

eLearning | ProvePrivacy


The knowledgezone is the e-learning module provided within ProvePrivacy.  Training includes a Data Protection and Security Awareness course, tutorials on how to use ProvePrivacy and topics such as the importance of breach reporting.

Tutorial videos are available to all individuals within an organisation and provide short introductions to different topics such as system usage and data protection topics.

The Online Training module enables you to demonstrate that staff have completed data protection & security awareness training. This provides staff with CPD for their development records. 

We are always adding additional courses provided by our sister company knowledgezone.  Other courses such as Health & Safety in the Office and Modern Slavery Awareness are available at an additional cost.

If you have video course material of your own these can be added to ProvePrivacy.  This will enable you to use the evidencing reporting in ProvePrivacy to show that your own courses have been completed by colleagues.


What our clients say

Scroll to Top

Contact us

If you would like to ask more questions or to arrange training, complete the form below and we will respond shortly.

See our Privacy Statement for more details.

Get expert tips and business insights