Zum Hauptinhalt springen
ProData Protection & Compliance

Privacy Office

The GDPR sounds like filing cabinets up to the ceiling, but in the end it comes down to a handful of documents that have to fit together. The Privacy Office bundles eleven tools into one workbench: from the privacy policy through DPA and TOMs all the way to the deletion concept. One cockpit instead of eleven open tabs.

A live look inside

Live preview. It becomes interactive with your account.

What Privacy Office does

Data protection is rarely hard because a single document is complicated. It is a slog because so many pieces interlock: the privacy policy references your processors, the processors need a data processing agreement, the DPA assumes technical and organisational measures, and your records of processing have to reflect all of it cleanly. The Privacy Office lays these eleven tools side by side so you stop jumping between eleven tabs and three templates.

It starts with the statements. The privacy policy generator builds your policy block by block: contact form, hosting, analytics, newsletter, social media. The cookie policy generator produces the matching cookie table with purpose, provider and lifetime, and the GDPR cookie banner delivers a consent banner with real opt-in that only loads once the visitor has actually agreed. Three tools, one coherent set of texts for your website.

As soon as external processors are involved, you need contracts. The DPA generator creates a data processing agreement under Art. 28 GDPR that you present to your processors or have them countersign. Alongside it, the TOMs generator documents your technical and organisational measures - access control, encryption, permissions and backups - in a structure a supervisory authority recognises immediately.

The heart of any GDPR documentation is the records of processing activities under Art. 30. The Art. 30 helper walks you through it processing by processing: purpose, legal basis, categories of data subjects, recipients, deletion deadlines. The purpose library hands you ready-worded purposes and matching legal bases to reuse, and the processor register keeps every processor with its DPA status in one place, so you can see at a glance where a contract is still missing.

Where risk is involved, the data protection impact assessment comes into play. The DPIA quick check asks you a few short questions about whether your processing is likely to carry a high risk and therefore requires a full assessment under Art. 35. Not a legal opinion, but an honest traffic light that tells you whether you need to look more closely.

At the end comes deletion, and that is exactly what gets forgotten most often. The deletion concept generator builds a concept along DIN 66398, with deletion classes and standard periods per data type. The retention planner keeps the concrete storage and deletion deadlines in view, from the ten years for invoices to the immediate deletion of a rejected job application. Together they make sure data does not linger forever just because nobody thought about it.

Everything runs locally in your browser. Your company data, your processor list, your processing purposes - none of it is sent to a server while you work. The individual tools stay reachable on their own; the office is just the shared workbench on top. So you can always open a single tool without needing the whole suite.

And the honest note up front: the Privacy Office does not replace legal advice. It takes the dull grind off your plate and gives you seriously good groundwork, but for tricky cases, international data transfers or special categories of personal data, get a look from a lawyer or your data protection officer. We are on your side, not your liability shield.

Features

Eleven GDPR tools, one workbench

From privacy policy to deletion concept, all in one place, sorted into statements, contracts, registers and assessment.

Privacy policy block by block

Contact form, hosting, analytics, newsletter, social media - only the blocks you actually use.

Cookie policy plus opt-in banner

Matching cookie table and a consent banner that only loads once the visitor has really agreed.

DPA and TOMs that fit together

Data processing agreement under Art. 28 and the technical-organisational measures in an authority-proof structure.

Art. 30 records with a purpose library

Capture processing activities in a clean structure and reuse ready-worded purposes with their legal basis.

Processor register with DPA status

Every processor in one place, showing at a glance where a contract is still missing.

DPIA check and retention under control

An honest traffic light for the impact assessment plus a DIN 66398 deletion concept and concrete deadlines per data type.

Local in the browser, no data leakage

Company data, processors and purposes stay on your device while you work.

How it works

  1. 1

    Start with the statements

    Build the privacy policy, cookie policy and banner first. That is what visitors see before anything else.

  2. 2

    Generate contracts and TOMs

    Create the DPA for your processors and document your technical-organisational measures.

  3. 3

    Maintain the registers

    Enter your Art. 30 processing activities, use the purpose library and list your processors.

  4. 4

    Assess and settle deletion

    Run the DPIA quick check and set the deletion concept and retention deadlines so data does not linger forever.

  5. 5

    Get it reviewed

    For tricky cases, have the result reviewed by a lawyer or your data protection officer.

Who needs this

→Solo freelancers and small teams who finally want their GDPR documentation complete.
→Website owners who need privacy policy, cookie policy and banner from a single source.
→Clubs and founders setting up clean records of processing activities from day one.
→Agencies and service providers who have to present DPA and TOMs to clients in a clear structure.
→Data protection officers who want to maintain deletion concept and retention deadlines in one place.

Frequently asked questions

Does the Privacy Office replace legal advice?

No. It takes the grunt work off your plate and gives you a very good starting point, but it is not legal advice. For special categories of data, international data transfers or unclear cases, a lawyer or your data protection officer should take a look.

Can the individual tools be used separately?

Yes. Each of the eleven tools stays reachable and registered on its own. The Privacy Office is just the shared workbench on top. So you can open only the DPA generator or only the retention planner if that is all you need.

Do I need records of processing activities?

In the vast majority of cases, yes. Art. 30 GDPR requires it in principle from every controller, with narrow exceptions for small organisations without risky or regular processing. The Art. 30 helper walks you through the required entries.

When do I need a data protection impact assessment?

When a processing activity is likely to carry a high risk to the rights of data subjects, for example large-scale profiling or special categories of data. The DPIA quick check gives you an honest first read on whether a full assessment under Art. 35 is required.

Are my entries stored anywhere?

The tools work locally in your browser. Your company data, processors and purposes are not sent to a server while you work. Drafts may be cached locally so nothing gets lost.

Does the suite cover deleting data too?

Yes, and this is the part most often forgotten. The deletion concept generator builds a concept along DIN 66398, and the retention planner keeps the concrete storage and deletion periods per data type in view, from ten years for invoices to the prompt deletion of rejected applications.

Privacy Policy Generator

Generate a GDPR-compliant privacy policy with 10+ presets, 20+ third-party services, cookie c…

Cookie Policy Generator

Generate a cookie policy structured along TDDDG Sec. 25, GDPR Art. 6/7 and the ePrivacy Direc…

DPA Generator

Generate a GDPR-compliant Data Processing Agreement (DPA) per Art. 28 GDPR. With 8 TOM catego…

TOMs Generator

Create your GDPR Article 32 TOMs document. Fill out the questionnaire, download PDF, done.

GDPR Art. 30 Helper

Create your GDPR Article 30 records of processing activities. All required fields, ready to p…

Deletion Concept Generator

Create a structured data deletion concept. Categories, retention periods, methods.

Ready to use Privacy Office?

No installation. No account needed to start. Open it right in your browser.

Open now