The documentation challenge
The GDPR is, at its core, a documentation obligation. You need to prove that you handle personal data correctly. Not just claim it - prove it. With documents, registers, policies, and procedures that a supervisory authority can review at any time.
For large organisations with legal departments, this is manageable. For small and mid-sized businesses, it is the single biggest obstacle to compliance. You know you should have a processing register. You know your privacy policy needs updating. You know you should document your cookie situation. But putting all of that together, in the right format, covering all the right fields? That is where most SMEs get stuck.
GDPRWise solves this by generating your complete GDPR documentation from a single starting point: your website scan.
Everything in one place
Your GDPRWise dossier is not a single document. It is a structured collection of everything you need to demonstrate compliance. Here is what it includes and why each component matters.
Processing register (ROPA)
The record of processing activities is the foundation of your GDPR documentation. It lists every activity involving personal data, from website analytics to payroll administration.
GDPRWise generates your register automatically. The scan detects website-based processing. The sector foundation adds industry-standard activities. The guided refinement fills in internal and offline processing. Every entry includes purpose, legal basis, data categories, recipients, retention periods, and security measures.
The result is a register that meets the requirements of Article 30 of the GDPR (the regulation is known as the AVG in Dutch legislation), ready for export and presentation.
Customer privacy policy
Your privacy policy tells visitors and customers what data you collect, why, and what their rights are. GDPRWise generates this based on your actual processing activities, not from a generic template.
Because the policy is built from scan results and your answers, it accurately describes what happens on your website. When your site uses Google Analytics, the policy says so. When your contact form collects phone numbers, the policy mentions it. No gaps, no fiction.
Staff privacy policy
Most businesses overlook this one entirely. The GDPR requires you to inform your employees about how you process their personal data. Payroll, HR files, sick leave, CCTV, GPS tracking, IT monitoring - all of these require transparency.
GDPRWise generates a dedicated staff privacy policy based on your answers about HR practices. This document is ready to include as an appendix to employment contracts. It is one of GDPRWise’s unique features: very few tools on the market generate an employee-facing privacy policy.
Cookie report
The cookie report provides a detailed inventory of all cookies and trackers active on your website. For each cookie, you see the name, origin, category (functional, analytical, marketing), lifespan, and whether consent is required.
This report is the basis for your cookie banner configuration and your cookie policy. You know exactly what to disclose and what to block until consent is given.
Action list
Not everything can be automated. Some items require you to take action: conclude a processing agreement with a supplier, set a retention period for a specific data category, adjust your cookie banner, or brief your staff on the data breach procedure.
The action list captures these items, prioritised by impact. Each action includes a description, the priority level, and guidance on how to resolve it. You can assign actions to colleagues and track completion within the platform.
Breach procedures
Your dossier includes a data breach management section with a breach register, notification templates, and communication templates for affected individuals. These are tailored to your sector and your specific processing activities.
When a breach occurs, you don’t start from scratch. You open GDPRWise, log the incident, and follow the guided procedure. Everything is documented in the format the supervisory authority expects.
Compliance score
The compliance score is a percentage showing how far along you are. It is based on the completeness of your register, the status of your privacy policies, your cookie situation, and the number of resolved action items.
The score is not a legal guarantee, but a practical indicator. It helps you prioritise and track progress over time.
How the three-layer model ensures completeness
The reason GDPRWise can generate all this documentation reliably is the three-layer model.
Sector foundation provides the baseline. Every industry has standard processing activities, typical tools, and common data flows. GDPRWise maintains pre-built foundations for dozens of sectors, giving you a strong starting point regardless of your technical knowledge.
AI scan results add the specifics. The scan detects exactly what is happening on your website: which scripts load, which cookies are placed, which forms collect data. These findings are translated into register entries, policy sections, and cookie report lines. Items confirmed by the scan are labelled “Detected” so you know they are verified.
Guided refinement completes the picture. Targeted questions address processing that happens outside your website: employee data, client records, partner data sharing, physical security. Items based on your answers are labelled “Needs review” until you confirm them.
Together, these three layers ensure completeness. Nothing is missed.
Export, share, and present
Every component of your dossier can be exported individually or as a complete package.
PDF export produces professionally formatted documents with clean layout, clear headings, and structured tables. Ready to hand to a supervisory authority inspector, include in an audit package, or send to your legal adviser.
Excel export gives you editable spreadsheets for internal use. Your accountant can review the processing register. Your IT team can check the cookie report. Your HR manager can verify the staff privacy policy.
Keeping documentation current
The biggest risk with GDPR documentation is not creating it - it is letting it become outdated. A processing register from 2023 that doesn’t mention the tools you added in 2025 is worse than no register at all. It suggests you don’t monitor your compliance.
GDPRWise addresses this at two levels:
Free Scan. Your initial scan and complete dossier are free, with no account or credit card required. You get a full AI scan, complete dossier, all documents, a compliance score, and a 2-week free trial to explore the platform.
Peace of Mind subscription (EUR 29/month, yearly billing). GDPRWise monitors your website continuously. When a new script appears, a cookie changes, or a form is added, you receive a notification. The platform shows exactly what changed and what documentation needs updating. You review, approve, and your dossier is current again.
Peace of Mind also tracks regulatory changes so your documentation reflects current expectations.
From scattered files to a single source of truth
Most SMEs have GDPR documentation scattered across different locations. A privacy policy drafted by a lawyer two years ago. A processing register started in Excel but never finished. A cookie banner installed without proper documentation.
GDPRWise brings all of this into one structured, maintained, and exportable dossier. You know where everything is. You know it is current. And you can prove it to anyone who asks.
One scan, a set of targeted questions, and your complete GDPR documentation is ready. Processing register, privacy policies, cookie report, action list, and breach procedures - all in one place.