GDPR HQ - it's time to dig in

Sunday, April 29, 2018

After an extensive period of internal testing and a round of closed beta testing, GDPR HQ application is finally ready for a public beta test.

Thanks to all of you who subscribed to be notified when the application is ready; we already sent email notifications, and hopefully, you already opened profiles and started to browse through the features. And there is plenty of features for you to explore :)

Processing activities

Start your journey by defining few of the processing activities involving personal data. Some of the good examples may be "Sending a newsletter", "Trial user registration" or "Customer satisfaction". Determine the lawful basis for processing (e.g., legitimate interest or consent) and you should be good to go.


Optionally, set communication channels used in particular processing; this is not GDPR requirement, but it's practicality we decided to implement.


Create a consent document for processing activities where a lawful basis is, well - consent. One of our favorite web resources on the GDPR matter is ICO from the UK; take a look what they have to say about the lawful basis of processing.

Note that Consent should be your last resort, use it with caution; try to use another basis for your processing activities first (e.g., legitimate interest).


Consult with your lawyer or GDPR consultant if you're not sure.

GDPR HQ allows you to create two different versions of the consent document: PDF version and HTML version. Use the PDF version to print the consent document so that data subject (e.g., customer) can sign it. You can use HTML version on your website to offer a digital version of the consent document.

Records of consent

Once your customer/user signs the consent, you can enter it back to the GDPR HQ application. If you have signed PDF document, you can also scan it and attach it to the record.

I believe that you already know that you're not allowed to conduct those processing activities where lawful basis is consent if you didn't, before the processing, obtain consent from the individual. Once you enter a record of the consent for specific data subject (e.g., customer, user), GDPR HQ can tell you whether you should continue with the processing or not.

For example, your CRM application can ask (using API) GDPR HQ something like this: "do we have consent for this particular customer to call him and introduce our latest product".

Data subject requests

Under the GDPR, an individual has certain rights, e.g., right to be informed, right to rectification, right to erasure, right to object, etc.

You can use GDPR HQ application to record all communication related to data subject rights. For example, a customer may send you an e-mail requesting that you change his address in your CRM application. Store that e-mail message as data subject request and respond to the customer with predefined (templates) answers.

Data subject request (DSR) form

Design and manage DSR form individuals can use to send you data subject requests. For example, you can design a form and put a button ("Realize your rights") on your Privacy policy page. When a user clicks on that button, she will be redirected to a form where she can enter the necessary information to exercise her rights.

You can then use Data subject requests feature to answer with a templated email message once a request is processed.

Data subjects

Manage and store a minimal set of personal information about data subjects inside GDPR HQ application. You can even connect our app to your system using API so that you save only unique ID inside our system.

Cookie consent

Scan your website for cookies and group them in separate categories, e.g., necessary cookies, marketing cookies, tracking cookies, etc.

Display a cookie consent message to the visitor of your website and record his answer as cookie consent into GDPR HQ app.


What's next

Besides these significant features, there is also plenty of smaller one - dig into and explore.

If you would like to try API/SDK, these links can be helpful:



We're also working on new features, will keep you posted, both here on this blog and in periodical email notifications.

Once again thanks to all of you who subscribed to be a beta tester. We're proud to announce that we already have paying customers using GDPR HQ as early adopters so we do not expect that public beta phase lasts long; it should be quite soon until GDPR HQ is ready for production.

Happy testing!

Subscribe for free resources
& news updates.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form


stay in touch

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form