What's in Your GDPRWise Dossier?

Everything you need to manage and demonstrate GDPR compliance

Your GDPRWise dossier contains everything you need to manage and demonstrate GDPR compliance. From the process definitions, personal data items, and your third parties to your compliance actions & score.

1. Customer dossier

The customer dossier is where you manage all business processes that touch on customer data. Think of your CRM, email marketing, order processing, customer support, website analytics, and contact forms.

For each process, the dossier captures:

• What the process does and why (purpose and legal basis)
• Which personal data items are involved (names, emails, payment details, etc.)
• How long you retain the data
• What security measures are in place

GDPRWise pre-fills the customer dossier based on your industry sector and scan results. You review, adjust, and enrich it with your specific business context.

2. Staff dossier

The staff dossier covers all business processes that touch on employee and staff data. Payroll, HR administration, sick leave tracking, performance reviews, access management, CCTV, company devices - these all involve personal data that falls under the GDPR.

Many business owners focus only on customer data and forget that staff data is equally regulated. In fact, the data you gather on staff is often far more detailed and sensitive than what you collect on customers - salary information, family composition, pension details, performance reviews, medical absences, and more. The staff dossier ensures you have this covered, including a staff privacy policy that informs your employees about how their data is processed.

3. Third party dossier

The third party dossier lists all personal data processes where third parties are involved. Every external service that processes personal data on your behalf needs to be documented: your hosting provider, email service, CRM platform, payment processor, accountant, cloud storage, analytics tools, and more.

For each third party, the dossier tracks:

• What data they process and why
• Where they are located (EU or outside)
• Whether a processing agreement (DPA) is in place
• The type of relationship (processor, joint controller, independent controller)

This overview is essential for your processing register and helps you identify where processing agreements are missing.

4. GDPR documents

From the GDPR documents screen you can generate the official documents you need for compliance. These are built from the data in your customer, staff, and third party dossiers, so they accurately reflect your actual situation.

Documents you can generate include:

• Privacy policy - tailored to your processing activities, ready to place on your website
• Processing register - the formal Article 30 register, exportable as PDF or Excel
• Staff privacy policy - an employee-facing document explaining how you handle their data
• Cookie policy - based on the cookies and trackers detected by your scan

These are not generic templates. They are generated from your dossier data, so they match what you actually do.

5. Dashboard and compliance actions

Your dashboard gives you a clear overview of where you stand and what still needs to be done. It shows your compliance score and a prioritised list of must-do actions to reach a base GDPR compliance level.

Each action includes:

• A description of what needs to happen
• The priority level
• A link to guidance in the knowledge base

Typical actions: conclude a processing agreement with a third party, complete a missing process definition, set retention periods, or review flagged items from your scan.

The compliance score is not a legal guarantee, but a practical indicator. It helps you track progress, focus on what matters most, and demonstrate to auditors that you are actively managing your compliance.