Handling subject access requests under GDPR

DPIAs help organisations identify, assess and mitigate or minimise privacy risks with data processing activities. They’re particularly relevant when a new data processing system or technology is being introduced. Under GDPR, a DPIA should be managed by the data controller or data protection officer (DPO). It should contain a detailed description of the processing operations, an assessment of the necessity of the processing in relation to the purpose, an assessment of risks to individuals, and what controls are put in place to mitigate any risks. DPIA templates provided by the ICO are in the format of lengthy word documents which are difficult to keep up-to-date.

VinciWorks’ DPIA reporting portal allows organisations of all sizes to carry out a full DPIA. A DPO can easily create and track forms to allow all staff to contribute to the DPIA process. Any red flags in how the organisation processes data can easily be flagged and tracked.

Software features


Administrators can either build forms themselves or use our best-practice customisable built-in forms. Additional forms can be created to send out to all department leaders.


Track all form completions and flag any high-risk entries that require further action.

Review and resolve

Review flagged entries via the dashboard and take appropriate action.

Manage reports

Submissions can be segmented by administrators and all entries and reports can easily be exported.

Contact us to book a demo