Data privacy compliance management and operations


Multiple Regulations

Pre-loaded regulatory compliance versions including CCPA, US Multi-State, GDPR-EU, GDPR-UK, LGPD, POPIA, PDPA, NDPR and KVKK. Configurable compliance checklists and versions for each jurisdiction – “mix and match”. Pre-built privacy frameworks, e.g., NIST, ISO 27701 and information security frameworks.

US Multi-State Capability 

Data Protection DynamiX (DPDx) is a combined compliance privacy framework that includes regulatory obligations for US State privacy laws, including California, Colorado, Virginia, Utah and Connecticut.

Compliance Framework that Maps to Multiple Regulations and Statutes

 Data Protection DynamiX (DPDx) is an umbrella privacy framework that is regulation agnostic and flexible. Demonstrate compliance of multiple requirements by adopting the DPDx practices embedded in the compliance checklist items and throughout the modules.

Compliance of Controls to Regulations and Privacy by Design (PbD)

Pre-built controls or use your own and tag them to compliance statements and Privacy by Design practices.

privacy program compliance assessment

Prebuilt Compliance Checklists

Detailed checklists—assess, improve, optimize and monitor your organization’s status and maturity in data protection by completing compliance statements. Designate a risk level, assign tasks and reminders and document the status of each compliance control statement.

Compliance Areas

Includes Business Environment and Governance, Regulatory Compliance, Risk Management, Program Measurement, Data Management, Data Subject Rights, Data Subject Participation (Consent Management), Organizational Change, Information Security, Third Party Management, Incident Response, Privacy by Design (PbD), Employee / Contractor Compliance and Privacy Compliance Task Management.

Organizational Readiness and Change Management

Checklist focused on the people-side of privacy to guide your working sessions with team members, processors and other stakeholders so you can create enduring privacy practices throughout your company.

IT Security Assessment Integration

Upload assessments, create or upload compliance checklists for IT Security framework or tag compliance items with security control reference.

Employee / Contractor Compliance

Compliance sections for employee / contractor practices and employee data handling and management. Acknowledgment of notices and policies to employees and contractors. Track training completion by individual and completion date. Create, upload and link employee privacy awareness and skills development training to system. Maintain auditable records.

Risk Assignment and Mitigation

Select or change risk levels of compliance sections or individual items. Enter mitigation notes and attach files.

GDPR Compliance Gap Analysis

GDPR version includes compliance checklists specific to GDPR. Each item is mapped to GDPR Article and when assessment performed, displays and reports GDPR Compliance Gaps.

Compatible with every Framework 

Futureproof your privacy program to meet current US State and Federal privacy laws and regulations AND demonstrate sound data management practice.

Custom Checklists

You can create individual items or upload an entire framework from a spreadsheet, including notes and documents. Gives you the flexibility to tailor elements or upload frameworks that apply to your business. You can include specific US State requirements, for example, California’s CCPA and CPRA, Colorado’s CPA, Virginia’s CDPA, etc. as checklists as well.

Task Management

Assign compliance items individually or as a section, add due dates, reminders. Receive task status and reminders via email and within the platform.

Integrated Project Plan

View and sort items by status: not started, in progress or completed. Indicate items that are not applicable. View and sort items by risk level.

Evidence Collection

Create notes, Add tags to individual compliance checklist items, and file uploads.

reporting, dashboards and audit logging

Real-time status and Configurable Reporting

Report and view individual compliance areas, choose the sections – Organization, Data Mapping, Governance, Stakeholders, Service Providers / Processors, Compliance and Data Sharing. Select Tasks, Status and Notes. Create PDF reports or download Excel spreadsheets.


Information updates and displays in real time for compliance, risk, data mapping, data locations, third party providers, employee compliance, data subject requests, impact assessments and incidents.

Logging and Audit

System creates immutable audit log for all data entry. Provides email and in app notifications and workflow.

data mapping and records of processing activities (ropa)

Enter information once, use over and over

Enter the information once and the platform populates and manages key aspects of privacy management automatically.

Data Subject and Business Process Orientation

Option to start with either the people or the business process when you create your data inventory.

Step by Step Workflow.

Create your personal and sensitive personal information inventory by selecting items or creating your own. Understand whose information you hold, for what purpose, under which lawful basis and for what duration.

Legitimate Interest Assessment (LIA)

Where applicable, you are prompted to complete Legitimate Interest Assessments (LIA) and it stores all artifacts of data mapping.

Map by Department

Can toggle option to perform and organize data mapping by department. The data map and associated outputs segments and filters by department

Visual Maps

Instantly see what data you hold, who you send it to and with whom you share it.

Auto Populated Privacy Notices and Records of Processing Activities

Enter and update data and service providers / processors, populating and publishing personal data and lawful bases in public web notices and required activities for regulators.

Integrated With Impact Assessments and Processor / Service Provider Data Management

Enter data once and the platform serves up drop down menus in other modules where you can select the data and processes you need to analyze or for vendors you manage.

personal data inventory

Records of Processing Activities (ROPA)

Shows listing of each record by data subject, business process, lawful basis, retention period, legitimate interest assessment (if applicable), personal data elements, sensitive personal data elements, data location, system, service provider / processor, third party sharing, and IT security measures.

Data Inventory Wizard

Follow workflow starting with either department or data subject and select from drop down lists or create your entries.

Custom Data Records

Create custom records or elements within a record on the fly.

Data Collection Sources, Location and Service Providers

Enter and store information about collection sources, location, geographic region and service providers for personal and sensitive personal data.

Personal Data Catalog

Create and maintain a catalog of personal data for your organization. Information includes Data Subject, Business Process, Lawful Basis, Retention, Service Provider, System, Location, Technical and Organization Security and Data Sharing. Updates other modules of the platform that require data inventory information, e.g., Impact Assessments, Data Subject Requests and Incidents.

Personal Sensitive Data Catalog

Create and maintain a catalog of sensitive personal data for your organization.

System Inventory

Enter your systems and service providers. The platform produces a system inventory with system and service provider name, location, contract term and status.

data map reporting and dashboard

Data Subjects View of Processing and Elements

Maintain catalog of personal and personal sensitive data for your organization, starting with data subject. Information includes Data Subject, Business Process, Lawful Basis, Retention, Service Provider, System, Location, Technical and Organization Security and Data Sharing. System can also be configured to map data by organizational department, followed by data subject and business process.

Data Processing Entities and Locations

Follow workflow starting with either department or data subject and select from drop down lists or create your entries.

Module Integration

Data entered data mapping appears in other modules including Privacy Impact Assessments, Data Subject Access Requests and Incident Management.

Data Classification

Distinguish personal and personal sensitive information your organization collects and holds.

Lawful Basis

Enter lawful basis of each business process from provided drop down lists. These bases include a comprehensive set from data privacy regulations from around the world.

Data Visualization

Create and maintain catalog of personal data for your organization. Information includes Data Subject, Business Process, Lawful Basis, Retention, Service Provider, System, Location, Technical and Organization Security and Data Sharing. Updates other modules of the platform that require data inventory information, e.g., Impact Assessments, Data Subject Requests and Incidents.

Data Retention

Enter your data retention time frame. Standardize retention periods and align with data retention policy from the Governance module.

Third Country Transfer Requirements

 Enter and manage third party data transfers and associated agreements.

privacy impact assessment / data protection impact assessment

Privacy Impact Assessment (PIA) Overview

Creates the assessment designed to describe the processing of personal and sensitive personal information, assess its necessity and proportionality, and help manage the risks to individuals’ resulting from the processing of personal information, by assessing them and determining the measures to address them. PIAs are important tools for accountability, as they help an organization to demonstrate that appropriate measures have been taken to ensure compliance with regulation.

Prebuilt Template

Guides assessor through series of questions and required information. Includes screening questions, purpose, processing justification and individual’s rights. Provides toggles for applicable sections and questions, text boxes for answers and area to add / upload notes and files.

Step by Step Workflow

Contains required information areas for exclusion, “lite” and full assessment via screening questions. Provides contextual help text for each area of the assessment. Provides steps for reviewers and approvers.

Screening Questions

System provides eight item check list to determine if a PIA is exempt for the assessment. If user selects one or more of the checklist items, then the system documents the disposition and eliminates further assessment tasks.

Threshold Analysis

Includes ten threshold purpose questions and user can add their own purposes in addition. System automatically denotes required information and risk level to data subjects.

Project Board (Kanban)

See and select Privacy Impact Assessments as cards displayed by status. Status includes Draft, Review, Editing, Submitted and Complete. Ability to toggle on and off viewing of archived assessments. Each card displays Assessment Control Number, Due Date, Assessment Name and color-coded Risk Level.

Data Inventory Selection

Select the relevant personal data to the Assessment, including Department (if set up), Data Subject Type, Processing Purpose, Lawful Basis from drop-down lists created from the data mapping.

Assessment Roles

Assign roles of assessor, reviewer or approver. Process allows for multiple reviewers and approvers. Can select from existing users or create them on-the-fly.

Risk Analysis and Recommendations

System determines risk level of each assessment based on combination of selected thresholds and criteria. Enter risk, risk type, impact and likelihood. Risk levels include negligible, important and maximum. After the initial approval, a Risks tab will appear where you can detail each risk and how it's being mitigated. Before a PIA can be approved all risks must be individually documented, justified and approved.

Stakeholder and Regulator Reports

Download pdf of PIA details for internal stakeholders, customers and regulators. Includes organization contact and addresses, privacy officer, criteria for required PIA, relevance, processing, data in scope, risk, approval, owner, reviewers, approvers, reference number and status.

privacy notice management (external policies and notices)

Prebuilt Templates

Tailor pre-loaded privacy notices – including public-facing and employee notices. Publish public notices on your website with widget.

Custom Privacy Notices

Create your own notices as needed. Tracks status and updates of each policy and procedure.

Configure and Edit

Start with a privacy notice template or upload your own.

Integrated Data Subject Request

System provides button widget that links to one or more data subject request forms, including opt-in / out and data requests – access, correction, erasure, limited processing.

Auto-Generated Notices

System produces notice sections for you, incorporating the data mapping from the data mapping module automatically. Publish notices on your website with a built-in widget.

Data Processing Activities and Lawful Basis.

Notice information includes organization contact details, privacy officer, data subject type, business purpose, data collected and processed, data processing role – controller or processor / service provider and legal basis.

privacy policy management / governance

Privacy Management Governance Suite

Focused set of data protection and privacy documents as a starting point, including public and employee privacy notices, employee training, transborder information flows, acceptable use, data classification and labeling and data handling and more. Covers the essential governance documents of security measures, privacy notices, internal, optional to manage your document library.

Prebuilt Templates.

Tailor pre-loaded governance policies to your company’s operations.

Curated Library

Contains essential privacy and data management policies and guidance in creating and managing your program such as Working From Home, Best Practices, Data Classification, Data Handling, Data Privacy Policy, Acceptable Use, Data Breach Policy, Data Privacy and Security Awareness, Program and Announcements. Tracks status and updates of each policy and procedure.

Configure and Edit

Start with a policy template and update it or upload your own policy, standard, procedure, announcement or work instruction. Includes text editing features on the platform.

Create Document Repository and Resource Center

Start with pre-built governance documents and add / change as needed. Manage documents for your Data Privacy and Protection and your Governance, Risk and Compliance program.

Acknowledgement Tracking Built In

Communicate policies and procedures to employees, contractors and other stakeholders and get “Read and Accepted” confirmations.

Centralize Policy Development and Management 

Create, update, store and manage acknowledgements from one place.

Custom Documents

You can implement your entire governance documentation within the platform. Upload your own standards, policies, procedures, runbooks, etc.

ease of use

Multiple Skill Levels

DataProtection DynamiX is designed for privacy management novices to seasoned pros. The platform includes wizards and step by step guides allowing you to configure and manage your organization’s data privacy across the business. ­

Clean Design

Once you log in, you get a single page with numbered cards and helpful descriptions. You can choose to navigate by card, icon or menu. DataProtection DynamiX allows people from every business unit, including operations, legal, IT, marketing, sales and service to use the platform. It is 100% web-based with nothing to install.

Step by Step Guidance

Within each module, the platform provides contextual guides to assist you in assessments, data mapping, service provider management, and data subject request handling.

Getting Started Wizard

DataProtection DynamiX includes an organization set up wizard and on-boarding guide.

Everything you need in one place

You get context-based tools and tips along the way.

data privacy and protection training management

Built-In Privacy Awareness Module

Includes training document you can assign to employees and contractors. Send out via email and track acknowledgement of completion and acceptance.

Built-In Information Security Instructions

Includes instructions within policy documents you can assign to employees and contractors. Send out via email and track acknowledgement of completion and acceptance.

Link to Privacy and Security LMS

Enter links for employees to access your existing training.

Getting Started Wizard

DataProtection DynamiX includes an organization set up wizard and on-boarding guide.

Employee On-Boarding Checklist

Confirm employee learning and understanding of data privacy practice and compliance through 10 key practices. Add your own additional checklist items.

Training Guides and other Documents

Create and distribute documents and track status, sent dates and employee acceptance dates.

Training Completion Logs

View, print or save as pdf. Training completion includes name, job title email address, overall status, and detailed status by training.

third party / vendor management

Third Party Compliance Checklist 

Assess and manage your data sharing, privacy practice and compliance through 12 compliance items. Assign risk and completion status as well as person responsible for each item or assign entire checklist to an individual. Add your own additional checklist items.

Service Provider Compliance Checklist

Complete and update 10 compliance checklist items as part of your vendor management. Assign risk and completion status as well as person responsible for each item or assign entire checklist to an individual. Add your own additional checklist items.

Third Party Processing (Customers / Clients)

Manage data privacy requirements for your customers or clients’ data that your organization processes. Add and keep track of each processing category, data and system locations, and each customer or client. Indicate if location is internal or external and list subcontractors.

Import Customers / Clients

Add individual or bulk upload customers / clients with included import template. Fields include Client Name, Phone, Email, Country, Client Representative Name, Representative Email, Representative Phone, Client DPO Name, Client DPO Email, Client DPO Phone, Processing Category(ies).

Contract Storage

Upload signed contracts for your service providers and your customers.

Vendor Contract and Policy Templates

Includes starter templates which you can tailor to your organization.

Third Party Sharing Agreements

Although you may add new sharing parties via data mapping, you may also add new parties in the Third Party Sharing Agreements section and associate them with the appropriate processing purposes in data mapping immediately after you add them. Specify recipient, recipient type, country, renewal data, lawful basis, contract status and upload contracts.

Import Third Parties

Add individual or bulk upload third parties with included import template. Fields include Recipient Name, Type, Website, Phone, Email, Address, Mailing Address, Country, Sharing Details, including Reason for Sharing, Sharing Objectives, Sharing Medium, Agreement Start and End Dates, Sharing Frequency, Estimated Number of Records, Representative (your organization) and Recipient Representative.

Third Party Summary and Management

Once you have entered one or more third parties, see listing by Recipient, Recipient Type, Country, Renewal Date, Lawful Basis, Contract Status – not signed, in process, signed – and indication of Contract uploaded.

data subject access requests (dsar)

Individual Rights Management

Manage the lifecycle of data subject rights requests.

Prebuilt Configurable DSAR Web Form

Add your web domains and JavaScript widget to display DSAR form and ingest submissions. Customize request type, submission and download buttons.

Applicable Regulation Configuration

Customize forms to handle the data rights applicable to your organization’s jurisdictions. Options include Access / Copies, Rectification / Correction, Deletion / Erasure, Restrict Processing, Data Portability and Objection.

Multiple Language Support

Display and manage public-facing privacy notices and DSARs in English, Spanish, French, German, Dutch, Portuguese, Czech. Greek, and Lithuanian.

Link to Data Mapping for Data Subject Type

The individual identifies themselves as a data subject type, e.g., applicant, prospective customer, customer, employee, the platform displays the data map of personal and sensitive personal data held for that data subject type.

DSAR Register for Audit Trail and Reporting

View, print or save the DSAR requests as pdfs.


Download pdf of individual DSAR from the Project Board.

Unlimited DSAR Request Processing

You get unlimited DSAR request processing and can host the web form on multiple domains.

Automated Request Population

Text that individuals enter on the form appear in a DSAR work item in the DSAR module.

Automated DSAR Workflow

As you enter needed information, e.g., evaluating the request, verifying identity of the requestor, documenting tasks and fulfilling the request, the platform automatically updates status and moves the DSAR to the next step in the sequence. If at any step, the evaluation indicates that DSAR is either invalid or not possible to fulfill, the platform will indicate the disposition and reject the request.

Project Board (Kanban)

See each DSAR as a card with status of received, in progress, complete or rejected. Cards display control number, Requestor, due date, assignment, and DSAR type. You can download the DSAR from the Project Board.

Document Upload

Upload and attach one or more documents or files to the DSAR. The requestor or the privacy person processing the DSAR may upload documents.

Email Integration and Notifications

Once requester has submitted their DSAR form, the system sends an email automated response with the completed request form and your organization’s privacy notice.

incident management / response

Step by Step Workflow

Nine step sequence bar at the top of incident work area guide you to enter required information and evidence via notes and files. Steps include basic information including incident title, investigator, names and roles of incident response team, date and time of incident, country and time zone, description, containment and recovery, risk assessment, notification to authority (if required), notification to data subjects (if required) and evaluation and response.

Incident Item Board

Shows incident name, date, investigator, status, document links for relevant authority, data subject notification and incident details for internal documentation. Can add or edit incidents.

Analysis and Required Response

Contains questions via toggle buttons, drop down selections and text boxes for analysis and required documentation.

Incident Register / Log

Print or download PDF of incident register from your browser.

Conditional Logic

As you perform your documentation and analysis, the platform displays questions and toggles in context. The platform presents the next step based on how you answer the questions.

Incident Dashboard

Displays data breach by organization and status. If you have more than one legal entity, you may select one, more than one or all organizations to display.

Service Provider Selection

If incident involves service provider, platform displays service provider section with drop down selector for service provider(s) and specific questions with toggles that are required to answer.

Document Upload

Upload and attach one or more documents or files to the incident.

personal data breach management

Data Subject Notifications 

System creates data subject notifications automatically via pdf that you can send via email. The notification contains the company contact information, description of the incident, potential impact to the data subject and the measures taken to contain the incident.

Data Authority Notifications

Automatically creates letter to data authority / regulator with contact information, incident details, risk assessment, mitigation measures, data subject types impacted and number of data subjects impacted.

Breach Workflow Management

Incident management contains analysis questions to determine if a personal data breach has occurred. If so, the platform automatically produces the data subject and regulator notifications and houses the risk analysis and mitigation steps.

Incident Detail

View or download PDF of incident details, including elements pertaining to personal data breach.

platform navigation

Numbered Sequenced Modules

The HOME screen displays three key areas in building your privacy program and assessing your compliance. Each area is broken down by two or three parts for you.

Built-In Contextual Guides

Throughout the platform, context messages display and guides are available via tabs within each module.

Navigation Choices

Find functions via the home areas with labeled cards, via the left-positioned menu bar or within a module for select features.

Multiple Language Support

Toggle to your preferred language from the menu navigation bar in the GDPR version. Current languages include English, Dutch, Portuguese, Czech, Greek and Lithuanian. Public-facing notices and data subject requests are available in the languages listed above plus French, Spanish and German. Other languages can be configured upon request.

reporting and dashboards


Click on Dashboard menu to display compliance, risk, data mapping, privacy impact assessments, data breach, stakeholder communications, service providers and data sharing, data subject access requests and tasks. Dashboards include summary and detail drill downs. Color-coded with counts and percentages. Service providers are displayed by location via map.

Automatic Personal Data Inventory and Records of Processing Activities (ROPA)

When you build or update your security measures, data map or your service providers, the system automatically updates the inventory and ROPA with department, data subject, business process, lawful basis, personal and sensitive personal data category, and security measures. For third parties / service providers, the systems updates the inventory report and items within modules, including processing category, processor name, location, service providers, country, and legal basis.

Real-time Compliance Status Summary by Risk and Task

 In the Compliance Monitor module, select one of more section, tasks, status and compliance areas and click load report to get a real-time summary and associated detail. Select areas from Employee Personal Data Management, Information Security, Response and Privacy by Design (PbD), Business Environment and Governance, Data Management and People, and any custom compliance checklists you have created.


After you select your reporting areas, download your report in either PDF or MS-Excel formats.

Data Map by Location

Service Providers and Sharing dashboard displays service providers and data controllers with whom your organization shares personal data on a geographic map. Hover over the country to display number of processors and data sharing by country. Also shows completion status of required service providers’ and sharing parties’ data privacy information within your privacy compliance.

Data Map Export

When visualize is clicked, data map displays as a visual data map for data inventory and collection sources. Downloadable in SVG or PNG formats.

Select Compliance, Governance and Task Areas for Reporting

Select one or more areas to display or download in pdf or MS-Excel formats. Areas include Organization Features and Setup, Data Mapping, Governance, Stakeholders, Compliance, Service Providers, Data Sharing, Tasks, and Status.

Display and Download Items by Task Owner

Filter by review due date, show overdue reviews and select one, several or all statuses, and notes.

Report Items with Data and Time Stamp for Audit Control and Evidence

Every entry into the system is date and time stamped with your user ID.

Real-time Compliance Status Detail

In the Compliance Monitor, you may select notes to report on compliance item details.

software versions

DPDx - DataProtection DynamiX

US Multi-jurisdiction and regulation agnostic. Umbrella privacy compliance and management containing legal elements of CCPA, CPRA, VDPA, CPA, CDPA and UDPA. Ability to add jurisdictional requirements to one or more prebuilt compliance checklists or create / upload additional checklists and checklist items.

Consent Management

Included web forms for CA CCPA / CPRA Do Not Sell or Share My Personal Information. Create, publish and manage consents across domains. Contains WYSIWYG editor to create Opt-in, Opt-out, CCPA Complex and CCPA Simple consent types. View dashboard and reports and export consent via JSON and CSV.

Other privacy compliance management versions available 

EU-GDPR, UK-GDPR, CCPA/CPRA, POPIA, LDPA. Organizations may choose to have multiple platforms: one for each jurisdiction. Can manage and view separately or combine entities for reports and dashboards.

All versions hosted in the EU

The platform is a Cloud SaaS subscription, hosted on cloud servers in the EU.

Malcare WordPress Security