Record of processing activities (ROPA) 

The smart GDPR compliance tool – that helps you get started – keep your documentation in place & show accountability!

En konsekvensbedömning ska innehålla information om vad ni ska göra för att garantera säkerheten för de registrerade.

Our solution

A digital cloud service where you gather all information about your processing of personal data, in particular with focus on record of processing activities, and get help by different help-functions (?-boxes, videos and a chat). We want to see you succeed and the GDPR compliance tool has been designed for all (regardless of GDPR-knowledge). It shall be possible for everyone to take inventory, map and document personal data processings.

Frequently asked questions about our tool

What is GDPR Hero?

A cloud-based tool for managing and facilitating compliance with the General Data Protection Regulation, GDPR.

GDPR Hero is designed to be scalable and fit different sizes of customers, and can do so from companies, associations, organizations and public authorities.

GDPR Hero has the opportunity to structure the company’s personal data in a clear way. It is possible to enter unlimited categories of personal data processing into an account. Recipients of personal data, such as data processors or data controllers, as well as your own assignments as data processor can be documented. The tool gives you a good overview of the personal data management and you also get help with organizing your data processeing agreements, preparing data breach reports to individuals and to the supervisory authority. Further you can compile a report that can be used as partial documentation to fulfill the right of access by your data subjects. In addition, GDPR Hero has a full menu of features regarding technical security measures and how you work with them.

The subscriptions also include news coverage and online support.

How does GDPR Hero function?

In short, it functions as a bookkeeping program of personal data. You structure the personal data that you process and associate it with the category of data subject that it refers to. All data you enter into GDPR Hero is categorized data and not actual personal data (they may remain in your existing systems). All categorization then becomes a record of personal data processing required in accordance with Article 30 GDPR.

In the tool you show organizational security measures through system descriptions and access to the data, where you also have the opportunity to get an overview of how the access to the various personal data is within your organization. You can get an overview of your relationships with personal data processors, and also the situations where you act as data processor yourself.

You also have the opportunity to document transfer of personal data to e.g. authorities and other personal data controllers. It is possible to create documentation and reports of incident reports when a personal data incident has occurred, both to the data subject concerned and to the supervisory authority. In addition, you can create reports that you can communicate to data subjects upon request when exercising the right of access.

Can we get a demonstration of GDPR Hero?

Of course! We arrange free demonstrations through Teams (no software is needed) – and you can request a demo by clicking here!

Can we try GDPR Hero?

Yes, we know for experience that it is nice to try something new first – so we offer 30 days of trial. Which means that you are able to end the service (for free) within 30 days of registration, so if you cancel the service during the first 30 days, we will credit your invoice

Is there a subscription period?

Yes, a GDPR Hero-subscription is 12 month.

The subscription fee is invoiced for the whole period at once and we have very competitive prices (from EUR 39/month).

You always have 30 days of trial, from the date of registration (read more in the section above).

What payment method do you offer?

To make the payment process as smooth as possible we offer invoice to all our customers (terms of payment is 30 days). This is an easy way to be able to try out our service – which you have fo 30 days, after signing up for an account.


The invoice can be send by e-mail (PDF-file) or letter – which you choose yourself in the registry form when signing up. 

Is GDPR Hero a tool for us?

Yes! We have built GDPR Hero to be scalable and also adjustable for different sizes and types of organizations. 

We offer three different sizes of subscriptions; SMALL, MEDIUM and PREMIUM. 

A SMALL subscription means that you have access to one account and one set of log in credentials. This subscription is adapted for the small organization where there is one person active in GDPR Hero. 

A MEDIUM subscription includes the feature of creating an unlimited number of user accounts, which makes it possible to involve several employees in this important work. This is our most popular subscription and tailored for companies that have some involved people who handle GDPR related work and thus get individual user accounts. 

The largest subscription we offer is PREMIUM, which consists of an account hierarchy. The highest level is the master account from which you can create so called “GDPR Hero-accounts”. One GDPR Hero-account can be used by an affiliated company or a certain division of the company. You can create the account hierarchy that suits your business. The lowest level in the hierarchy is the user accounts that can be handed out to the relevant staff. This subscription is aimed at companies with a larger organization such as a group of companies or a business who has operations in several countries, or a business that have large departments that individually wish to keep a record of processing activities

Can we get help to get started?

We know that it can be difficult to get started with a new system! If you haven’t already attended a demo of GDPR Hero we recommend you to do so now (click here to book) – you will get an introduction of the different sections and functions within GDPR Hero.

If you want to have more customized help to get started, we offer additional services to get you and your company right on track!

Find out more by contacting us at

Where is the data we enter into GDPR Hero stored?

GDPR Hero do not use integrations or connections (API etc.) to other systems. It is developed and designed so you do not have to enter any large amount of personal data, to avoid unnecessary processing of personal data, because we cherish your data protection!

You can find all information about security and how we handle security measures here!

Some of the benetfits with our tool 

Logging of your processings

It’s safe to have all information gathered in the same place where also changes (and editor) are logged.

We keep you updated

We update the service due to cases, compiles checklists and give you tips based on applicable law

The cost is not higher if you are more people

It’s not more expensive if you are more people involved, since it’s important with knowledge about GDPR in the organisation.

Functions (included in all subscriptions)

Document database

We publish checklists, guidelines and recommendations to keep you updated.

Reports to data subjects

You can easily create a report and communicate it to the data subject in case of questions.


Data processors

You can register your data processors and keep an eye of your data processing agreements.

Organisational security measures

You can establish a responsible  person to every processing and document persons with access to the data


Both technical and legal support is included to give you the best opportunity to use our tool!


Add your personal data processing based on our templates.


Data breach management

Document your personal data breach’s by using our questionnaire.