Skip to Main Content
This website uses cookies. View our cookie policy

Plan your route to GDPR compliance with our easy-to-use, intuitive tool.

Map out the way your organisation uses personal data to create the records of processing you’re required to have under GDPR.

Quickly review, revise and update your records whenever processes change.

Data flow mapping is also an essential precursor to conducting a DPIA.

Map it. See it. Act on it.


Why use our Data Flow Mapping Tool?

Personal data.

Every organisation uses it. But it’s how you use it and what you do with it that’s important.

Since the GDPR came into force there is now more pressure than ever to understand how you process data.

Get a thorough understanding of what personal data your organisation processes

The Data Flow Mapping Tool simplifies the process of creating data flow maps, which will help you meet the terms of the GDPR (General Data Protection Regulation). Data flow mapping is also an essential precursor to conducting a DPIA (data protection impact assessment).

Gain full visibility over the flow of personal data through your organisation. As well as helping you identify those parts of your processes that may need additional measures to protect personal data, the Data Flow Mapping Tool will help you identify and eliminate any process inefficiencies.

Comply with the GDPR

Article 30 of the GDPR requires data controllers and processors to maintain written records of their processing activities, and to make them available to their supervisory authority – the ICO (Information Commissioner’s Office) in the UK – on request.

To comply with the GDPR, organisations that process the personal data of EU residents must understand what personal data they hold or process. To do so, creating data flow maps is vital.

Meet cyber security and privacy risk requirements

Developed for risk and security, data and compliance, and IT and information security professionals working in established SMEs and larger organisations for whom producing data flow mapping helps the organisation meet the requirements of the GDPR.

The techniques and challenges associated with data flow mapping include:

  • Identifying your data processing weaknesses and complying with the six data protection principles as part of your GDPR compliance;
  • Finding, processing and safeguarding all personal data within your organisation, across geographic territories or from third-party suppliers;
  • How you streamline existing processes, where your data is kept and how it is used within your organisation; and
  • Finding a tool that gives you full visibility over the flow of personal data through your organisation and enables you to easily create data flow maps that can be reviewed, revised and updated when needed.

Data breaches can happen to any organisation at any time, so taking steps to secure your customer data should be an urgent priority. The size of your organisation is irrelevant – the same rules apply from independents to multiples, franchises to global giants and everything in between.


We offer single-user and multi-user access via monthly and annual subscriptions. Being hosted online also means that other invited users can access the tool with a ‘read only’ role and ensures that correct procedures have been followed

Price guarantee: If you find a tool that does exactly the same, with the same outcomes at the same incredible price or lower, we will refund your first subscription*

*full details on the shopping page

See pricing


Using the tool will simplify how you map data flows, giving you more time to spend on identifying and resolving data protection issues.

It features a simple toolbar to create and edit maps, a user-friendly interface and a helpful tutorial to guide you round the tool.

Geared for repeatability

Data flow maps created with the tool can be easily reviewed, edited and updated by multiple people as your organisation evolves.

Creating data flow maps should become a standard part of proposing and setting up any projects or processes that will involve personal data.

Logs personal data item

Log details of the personal data items involved in a process and generate an inventory of personal data.

You can specify what the lawful basis for processing is, the types of personal data you are processing and the categories of data subjects.

Generates data flow reports

Generate a version-controlled data flow report that compiles information from your data flow map in an easy-to-read format to share with stakeholders.

You can update the process map and details whenever changes are made to the process.

Embeds data protection by design

Data flow mapping is essential for organisations seeking to embed data protection by design and by default into their processes.

Doing so means that processes are geared towards data protection from the beginning.

Gives optional access to security controls

The Data Flow Mapping Tool integrates with Compliance Manager, so you can record what security controls have been applied to a process.

You can also use this integration to keep track of whether a process is governed by specific regulatory, statutory or contractual requirements. 


Jeffrey S. Cochran

Information Security Manager, Thompsons Online Benefits

By the way, this vsRisk package rocks!
I do very much like how it is laid out and operates. This is just what I needed.


Nicholas King


Robust have never been so high-profile. The introduction of the EU GDPR (General Data Protection Regulation) in May 2018 put personal data protection firmly in the public consciousness. Cybercrime continues to grab headlines, with attacks causing massive disruption for airlines, hospitals and entire ... read more