· · ISO 42001 Lead Auditor

Gestion de la protection des données pour les équipes qui savent déjà à quel point c'est difficile.

Registre, AIPD, DSAR et réponse aux violations sur un enregistrement connecté, prêt pour l'audit par défaut.

Acuna Data Privacy est le module de gestion de la protection des données de la plateforme GRC Acuna, conçu pour les personnes qui comprennent ce que la plupart des outils ignorent : le registre, le DPA, l'AIPD, le TIA, la réponse aux violations et les DSAR forment un workflow connecté, et non six modules dans des espaces séparés.

RGPDnLPD suisseUK GDPR+ votre référentiel
One connected workflow: Processing Activity connected to ROPA, DPIA, TIA, Breach, DSAR, DPAROPAArticle 30DPIAWP248 criteriaTIASchrems IIBreach72-hour clockDSARArticle 12DPAArticle 28ProcessingActivityone graph

· the architecture is in the UI ·

Five product views that share one graph. On mobile we show a short summary for each. The stacked desktop collage with full UI detail appears when you widen the screen.

1 / 5 · acuna.io / privacy / ropa

Processing Activities

One register for every PA. Status, frameworks, and references stay on one row.

  • 142 PAs in the mock list
  • GDPR, FADP, and UK on the same record
  • Article 30 columns ready to export

2 / 5 · acuna.io / pa / PA-2026-042 / frameworks

Multi-framework on one PA

Each framework keeps its own legal basis without duplicating the operational record.

  • GDPR and Swiss FADP side by side
  • Independent review cycles per framework
  • Add UK GDPR without a second workspace

3 / 5 · acuna.io / privacy / breach-simulator

Breach Simulator

Pick a vendor and see cascade counts for PAs, assets, and data elements.

  • 14 affected PAs in the scenario
  • 47 data elements surfaced
  • 6 flagged as special category

4 / 5 · acuna.io / privacy / questionnaire

Scoped questionnaire

Business owners get a one-time token link tied to the PA they own.

  • Email from privacy@acuna.io
  • Scoped editor, no tenant-wide access
  • Explicit approval step for the privacy team

5 / 5 · acuna.io / pa / PA-2026-042 / data-flow

Data Flow canvas

Subjects, assets, systems, and third parties on one screen for the regulator questions.

  • Four stages in one view
  • Residency and jurisdiction on each node
  • Special-category data highlighted
acuna.io / privacy / ropa
Processing Activities142 PAs
ReferenceNameStatus
PA-2026-042

Employee payroll processing

GDPRFADP
Approved
PA-2026-041

Customer support data

GDPRUK
In Review
PA-2026-040

Marketing analytics

GDPR
Draft
acuna.io / privacy / pa / PA-2026-042

FRAMEWORKS

GDPREU

basis: Legitimate interest Art. 6(1)(f)

Swiss FADPCH

basis: Consent Art. 6 FADP

acuna.io / privacy / breach-simulator

AWS Frankfurt

eu-central-1 · processor

▲ if compromised

Affected PAs14
Affected assets9
Data elements47
Special category6
questionnaire@acuna.io → business owner

from: privacy@acuna.io

Please confirm PA-2026-043 data

You have been sent a scoped link to review and confirm the processing activity you own.

acuna.io/privacy/questionnaire/3f7a8c19b2…d8e

Open scoped editor →
acuna.io / pa / PA-2026-042 / data-flow

Subjects

Customers
Staff

Assets

PostgreSQL
⚠ Health logs

Systems

Helpdesk

Third Parties

Zendesk

Four product facts that matter to privacy teams. Each row is the same credential you see in the desktop layout, stacked so nothing is squeezed into a narrow column.

1×PA

Multi-framework on one record

GDPR and Swiss FADP govern the same processing activity with independent legal bases on one operational record.

226

Country TIA lookup

Transfer Impact Assessment pre-populates destination jurisdictions from a 226-country dataset.

27+

Seeded data elements

GDPR Article 9 special-category mapping included. Your team adds from a curated base instead of building the ontology first.

9

EDPB WP248 criteria

The DPIA threshold screener applies all nine criteria. Two or more met triggers the requirement under Article 35.

The shape of the work

You've already done the diagnosis.

01 · la forme du travail

La forme du travail

Le registre est à jour le jour de son approbation et légèrement obsolète dès la fin de la réunion. Les responsables métier répondent aux questionnaires à leur rythme, avec leurs propres formulations. Les chaînes de sous-traitants dérivent. Les transferts transfrontaliers obtiennent une nouvelle garantie à chaque décision de justice.

02 · la forme des outils

La forme des outils

La plateforme que vous avez achetée a été vendue comme une suite unique et configurée en six modules. L'implémentation a dépassé le calendrier annoncé. La tarification a évolué selon un calendrier dont personne ne vous avait prévenu. L'export Article 30 sort en tableau plat, et les relations, les flux de données qui sont l'objet réel de l'Article 30, restent dans votre tête.

03 · ce que vous recherchez réellement

Ce que vous recherchez réellement

Vous ne cherchez pas un outil qui promet de simplifier la privacy. Vous cherchez un outil qui respecte la forme réelle du métier.

The architecture

Un graphe, pas six modules

RelationshipProcessing Activity connects to
originates from
Data Subjectwho the data is about
collects from
Data Assetwhere data is stored
stores in
System Assetinfrastructure layer
sends to
Third Partyprocessor / controller
governed by
FrameworkGDPR · Swiss FADP · UK

Open any Processing Activity. This is what you see. ↓

Tout dans les opérations privacy est une relation. Une activité de traitement collecte auprès d'une personne concernée, stocke dans un actif, transmet à un tiers. Le tiers a des sous-traitants. Les sous-traitants créent des obligations de transfert. Les obligations de transfert exigent des garanties. Une violation sur n'importe quel nœud se propage dans le graphe.

La plupart des plateformes modélisent cela comme six tables et une série de formulaires où vous ressaisissez les mêmes informations. Acuna le modélise comme un graphe unique. L'assistant DPA lit la chaîne de sous-traitants depuis votre configuration tiers. Le simulateur de violation lit les AT affectées depuis les liens actifs et tiers. L'export Article 30 inclut les colonnes de relations, car les relations sont l'enregistrement.

C'est ce que les praticiens entendent lorsqu'ils disent qu'un programme privacy doit être opérationnel, et non documentaire.

The view buyers fall in love with

One Processing Activity. The whole story, on one screen.

Open a PA, click Data Flow, and the answer to every regulator’s first four questions renders itself: who the subjects are, what data is involved, where it lives, and who else touches it. Article 30 logic, rendered as architecture.

Processing Activity:
PA-010 · Employee data collection
Live model·PA-010 · Employee data collection
GDPRSwiss FADPApproved

One PA, four stages. Who the data is about, where it is collected and stored, and who receives it. Widen the screen for the full canvas with connectors and data elements.

PA-010 · Employee data collection

Data subjects

originates with

Employees10K–20K

Collects from

data assets

ERP (SAP)Badge accessArt. 9

Stores in

system assets

Azure BlobDEActive DirectoryDE

Sends to

third parties

MicrosoftUSTalentHub HRUS

Amber = cross-border or special-category signal in the product

Data Subjects

data originates with

Employees

Data Subject

10K–20K subjects

Collects From

data assets

ERP System (SAP)

Data Asset
First NameSalary InformationEmail AddressHome AddressSocial Security Number

RESIDENCY · Dublin Data Center

Badge Access System

Data Asset
Biometric TemplateEmail AddressLast NameFirst Name

RESIDENCY · CH Switzerland

Stores In

system assets

Azure Blob Storage

System Asset
Biometric Template

RESIDENCY · DE Germany

Active Directory

Data Asset
First NameSalary InformationLast NameSocial Security NumberHome Address

RESIDENCY · DE Germany

Sends To

third parties

Microsoft

Third PartyProcessor
First NameEmail AddressSalary InformationDate of BirthSocial Security Number

JURISDICTION · US United States

TalentHub HR

Third Party
First NameSalary InformationEmail AddressHome AddressSocial Security Number

JURISDICTION · US United States

01 · article 30 in a glance

Compliance officers read the diagram, not the spreadsheet.

Flow direction, residency, and data elements are visible without opening a single file. The diagram is the Article 30 register, rendered.

02 · cross-border surfaces itself

Every node carries its jurisdiction.

The diagram tells you which Processing Activity has US transfers without you having to ask. Warning treatment fires automatically on cross-border third parties.

03 · special-category flagged for you

GDPR Article 9 mapping is in the model, not in someone's memory.

Biometric, health, and other special categories render in warning treatment automatically. The flag fires before you have to look for it.

“This is the diagram your auditor keeps asking for. It’s also the answer.

acuna.io / privacy / ropa
Processing ActivitiesExport Article 30 ↓
ReferenceNameFrameworkStatus
PA-2026-042Employee payroll processing
GDPRFADP
Approved
PA-2026-041Customer support data
GDPRUK
In Review
PA-2026-040Marketing analytics
GDPR
Draft

Export columns

Reference
Framework
Status
Collects From
Stores In
Sends To
Sub-Processors

Capability 01 · ROPA

Records of Processing Activities, with the data flows in the export.

GDPR Article 30 is usually requested first, and usually hardest to produce fast when relationships are spread across spreadsheets and disconnected tools.

In Acuna, a processing activity is a graph object carrying data subjects, assets, third parties, legal bases, and personal data mappings together. Exports include relationship columns by default: Collects From, Stores In, Sends To, Controllers, Joint Controllers, Processors, Sub-Processors. Workflow states stay object-level: Draft, In Review, Approved, Needs Update.

When the authority asks and the timeline is short, you export. The flows are already in the columns.

PA-2026-042 · Article 30 export with relationship columns selected.

Capability 02 · Multi-framework

GDPR, Swiss FADP, UK GDPR on one PA, independent legal bases.

Multi-framework governance often becomes duplicate workspaces and duplicate records that drift apart over time.

Acuna runs framework governance on one processing activity. Each framework carries its own legal basis selection, review cycle, and export trail. GDPR and Swiss FADP are seeded; UK GDPR or regional overlays attach to the same PA without migration into a second tenant.

You don't run separate workspaces. You don't migrate when a new framework enters scope. You add it to the PA.

Same PA: GDPR and FADP assigned with independent legal bases.

acuna.io / privacy / pa / PA-2026-042
PA-2026-042

Customer support data

OverviewPersonal DataAssetsFrameworksTransfer
GDPREUactive
Legal basisLegitimate interest Art. 6(1)(f)
Review cycleAnnual
Next review2026-11-04
Swiss FADPCHactive
Legal basisConsent Art. 6 FADP
Review cycleAnnual
Next review2026-11-04

+ Add framework: UK GDPR, BDSG...

acuna.io / privacy / assessments
PA-2026-042Customer support data · context shared across assessments

DPIA · Threshold

WP248 screener

Systematic monitoring
Large-scale processing
Vulnerable subjects
Novel technology

DPA · Scope

Art. 28 wizard

Auto: sub-processor chain
Auto: data categories
Auto: subject categories
Audit rights clause

TIA · Schrems II

Transfer analysis

Auto: third party + countries
Safeguard: SCCs
10-question screener
Risk score
↑ all three read from PA-2026-042 ↑

Capability 03 · Assessments

DPIA, DPA, TIA: generated from the same graph.

Privacy teams should not retype the same context into three different wizards just to complete linked assessments.

DPIA uses EDPB WP248 threshold logic from the PA context. DPA reads third-party and sub-processor attributes for Article 28 scope. TIA starts from the linked third party and destination context, then computes risk based on mechanism and questionnaire answers. Shared PA context stays consistent across all three.

Three assessments. One graph. Information you've already captured doesn't get retyped into three more wizards.

DPIA, DPA, and TIA wizards sharing the same PA-2026-042 context strip.

Capability 04 · The graph, reversed

The Breach Simulator: the Data Flow, run backwards.

Pick a third party. The same graph that draws your Data Flow walks itself in reverse, surfacing every Processing Activity that depends on the compromised node, every data asset they touch, and every data element at risk. In a click, not a quarter.

On mobile you see the cascade in order: impact numbers first, then the selected vendor, then when teams use the simulator. The full two-panel layout returns on wider screens.

14PAs

affected processing activities

directly linked to the compromised vendor

9assets

data assets at risk

storing personal data processed via the vendor

47elements

data elements impacted

including 6 classified as special category

Selected third party

Microsoft

Third PartyProcessorSCC + BCR

Linked processing activities

PA-010Employee data collectionHigh
PA-2026-042Customer supportHigh
PA-2026-039Marketing analyticsMedium
PA-2026-038Product telemetryLow

When to use it

Before

Board exposure reviews. Show which vendor would cascade furthest.

During

Active incident. Scope article 33 obligations in real time, under pressure.

After

DPA or audit debrief. Demonstrate structured assessment with traceable output.

72 hours, GDPR Article 33. The supervisory authority clock starts on awareness. Scoping shouldn't take days.

When the question comes up in the next board meeting, you don’t need a quarter. You need a click.

Capability 05 · Privacy Portal

The Privacy Portal: public DSARs and PA questionnaires, one tenant slug.

Intake workflows consume disproportionate privacy effort when DSAR and questionnaire channels are split into separate systems.

Public DSAR intake runs at /privacy/request/[tenantSlug] with tenant branding, honeypot protection, and per-IP and per-tenant rate limiting. Submissions are tracked with a SHA256-hashed token. Business owner questionnaires use one-time cryptographic token links. The state machine (Stub → Questionnaire Sent → Questionnaire Received → Approved) makes approval explicit.

The chase doesn't scale. The approval does.

Split intake: DSAR public form and scoped PA questionnaire editor.

privacy.acuna.io

/privacy/request/yourcompany

Request your data

Full name

Marie Laurent

Email

m.laurent@example.com

Request type

Access · Download
Submit request

→ 30-day clock starts

/privacy/questionnaire/3f7a8c…d8e

Confirm: PA-2026-042

Data categories

4 selected

Data elements

9 selected

Retention

24 months
Submit

→ Token invalidates

Part of the platform

Inside the Acuna GRC platform: privacy where it belongs.

Privacy is not a silo. The third parties you process data through are the same vendors your TPRM program assesses. DPIA risks should roll up to enterprise risk. Security measures on processing activities should map to controls in your ISMS.

Data Privacy inside the Acuna GRC platform: four primary integrationsacunaGRC PLATFORMDPIA risk → Risk RegisterThird party → VendorPersonal data breach → IncidentSecurity measures → ControlsData Privacyyou are hereEnterprise RiskTPRMIncident MgmtISMS / ISO 27001

Also connects to: Policy · Controls · full platform overview →

Enterprise Risk

DPIA risks roll up to the enterprise risk register

TPRM

Privacy third parties share the same vendor record as TPRM assessments

ISMS / ISO 27001

Security measures on processing activities map to controls in the ISMS

Incident Management

Personal data breaches flow through the same incident model used elsewhere in governance

See the full platform →
AH

Alexis Hirschhorn

ISO 42001 Lead Auditor · Acuna GRC

Acuna Data Privacy is led by Alexis Hirschhorn, ISO 42001 Lead Auditor and Acuna's spokesperson on AI governance and privacy operations. The perspective is operational: privacy programs break at the seams between tools, and the durable answer is one connected graph, not six modules.

The decisions behind the product (the graph model, the multi-framework approach, the token-scoped questionnaires, the Breach Simulator) come from close observation of where real privacy operations lose time.

Is this for you?

You're the right fit if any of these are true.

Your ROPA lives in a tool that doesn't export relationship columns, so the data flows live in your head.

You run GDPR and Swiss FADP (or UK GDPR) and you've accepted duplicate records as the cost of multi-framework.

DSARs arrive by email and live in a shared inbox or a standalone tool with no link to your processing activities.

DPIAs, DPAs, and TIAs share no context and are filled in separately each time a new processing activity is added.

When your board or auditor asks what would be exposed if a particular vendor had an incident, the answer takes days.

Book a 30-minute demo

Bring a real PA, a real vendor chain, or a real audit scenario.

Before you choose

Questions que les opérateurs privacy se posent avant de choisir un outil

Réponses aux questions opérationnelles. Pas de discours commercial.

Un ROPA est l'inventaire des opérations de traitement requis par l'Article 30 du RGPD. Il doit capturer les finalités, les catégories de personnes concernées et de données personnelles, les destinataires, les transferts, les durées de conservation et les garanties. En audit, les champs de relation (de qui vous collectez, où vous stockez, à qui vous transmettez) sont généralement la première demande.

↑ each answer is the atomic version; links to canonical articles coming

Une AIPD est obligatoire au titre de l'Article 35 du RGPD lorsque le traitement est susceptible d'engendrer un risque élevé pour les droits et libertés. Les lignes directrices WP248 utilisent neuf critères ; en réunir deux déclenche souvent une AIPD, tandis qu'un seul critère peut encore en exiger une selon le contexte et la gravité.

↑ each answer is the atomic version; links to canonical articles coming

Une TIA évalue si les garanties de transfert restent effectives pour des données personnelles transférées hors UE sans décision d'adéquation. Après Schrems II, cette évaluation est devenue spécifique à chaque destination et mécanisme, souvent les CCT, incluant mesures supplémentaires et exposition à la surveillance.

↑ each answer is the atomic version; links to canonical articles coming

Lorsqu'une violation de données personnelles est susceptible d'engendrer un risque pour les droits et libertés, les responsables de traitement doivent notifier l'autorité de contrôle sans retard indu et, si possible, dans les 72 heures suivant la prise de connaissance. En cas de notification tardive, les raisons doivent être documentées et transmises.

↑ each answer is the atomic version; links to canonical articles coming

Au titre de l'Article 12 du RGPD, la réponse doit être fournie sans retard indu et dans un délai d'un mois. Ce délai peut être prolongé de deux mois supplémentaires pour des demandes complexes ou nombreuses, avec information en temps utile à la personne concernée.

↑ each answer is the atomic version; links to canonical articles coming

Un DPA doit définir l'objet, la durée, la nature, la finalité, les catégories de données et de personnes concernées, ainsi que les instructions du responsable, la confidentialité, les conditions de sous-traitance ultérieure, les mesures de sécurité, les obligations d'assistance, la restitution ou suppression, et les droits d'audit.

↑ each answer is the atomic version; links to canonical articles coming

Une seule activité de traitement peut porter des bases légales et des workflows de revue spécifiques à chaque référentiel en parallèle. L'enregistrement opérationnel reste un objet unique, tandis que chaque référentiel conserve sa propre piste de gouvernance et de preuve.

↑ each answer is the atomic version; links to canonical articles coming

Liez les mises à jour aux workflows opérationnels : questionnaires ciblés avec jetons à usage unique, transitions d'état pour la revue, et indicateurs de dérive au niveau objet pour les correspondances de données et les changements tiers. Cela déplace les équipes privacy de la relance vers l'approbation et le contrôle.

↑ each answer is the atomic version; links to canonical articles coming

Voir en direct

Voyez l'architecture par vous-même

Apportez une activité de traitement réelle, une chaîne fournisseur réelle ou un scénario d'audit réel. Nous vous montrerons comment le graphe le gère dans un modèle en direct.

Réserver une démo

acuna data privacy · one graph, not six modules · gdpr · swiss fadp · uk gdpr