Do you process personal data? If so, GDPR legislation sets that you must implement some changes!

The GDPR obligations are applicable to all businesses, from sole trader businesses, SMEs to large enterprises. Everyone has to comply with the new Belgian privacy act for the protection of personal data. Many organisations erroneously believe they do not process personal data. The contact data of all customers, suppliers and employees is classed as personal data.

GDPR Compass

GDPR Compass performs a diagnostics for every domain to which the GDPR legislation applies.

  • Customer management
  • Supplier management
  • Staff management
  • Controlling of employees
  • Payroll administration
  • Communication
  • Direct marketing
  • Accountancy
  • Public relations
  • Shareholders' or associates' administration
  • Access control
  • Litigation management

Discover the GDPR tool that will guide you through the process step-by-step


Thorough the diagnostics of every data process via simple yes-and-no questions

Risk analysis

Risk analysis and scope of the GDPR legislation for your organisation

Specific step-by-step plan

Specific step-by-step plan of activities to be undertaken provided in a clear report

GDPR compliant in just six easy steps

  1. Open the email message containing the unique link and log in using your username and password
  2. Create a new processing operation
  3. Enter data in the internal record
  4. Answer all yes-or-no questions
  5. Download the report
  6. Perform the recommended activities

Meeting the GDPR obligations? The GDPR Compass makes it easy!

A unique tool based on our multidisciplinary know-how and our extensive network.
unlimited number of processing operations ant thorough diagnostics of any scenario.
Are you unfamiliar with the GDPR terminology? Not a problem: you do not need to be an expert to be able to use our tool.
You work through the GDPR measures step-by-step based on user-friendly yes-and-no questions.
Work at your own pace: save the results and change your answers at any time.
Switch languages at any time. The Dutch and the French version of the report are always available.
Start working on the clear report and the specific action of the analysed answers to the questions and steps to be followed.
An internal GDPR checklist provides solutions and documentation for external supervisors.

When your customers, stakeholders and other business partners know how you process their data and they know you comply with the GDPR legislation this will increase their trust in you.


How to get started?

A unique GDPR tool at an exclusive discount for members

The GDPR Compass can help you become GDPR compliant for just 1,700 euros.

Agoria members are entitled to an exclusive discount and various additional benefits.
Discover your exact discount by filling in the order form!

Frequent updates on GDPR measures are included in the price. The GDPR tool is available until 31 December 2020


The GDPR tool helps you create a list of all processing operations within your organisation and check whether these comply with the General Data Protection Regulation. The measures to be taken to ensure processing operations comply with the GDPR legislation are listed when possible. The GDPR tool was developed to help with the implementation of GDPR obligations.

Preparing for GDPR compliance starts by collecting information on personal data processing at your organisation. Collect the data using the Internal Record of processing activities.

The GDPR Compass asks whether you have filled in the Internal Record when you start the GDPR tool. If you do not check the box, you cannot answer questions on GDPR obligations. Only answer with a yes if you have set up the inventory, otherwise you will not have complied with GDPR legislation.

Our Internal Record template will guide you through the process. The Internal Record template includes reply options which comply with the GDPR. Select the appropriate options from the drop-down menu to indicate the processing information for your organisation. Your personal Internal Record will, therefore, contain an overview of all main data processing information. You enter data for every data processing (category) separately. This forms the basis for the answers to the questions.

Every activity related to personal data is a 'data processing operation' that must comply with the GDPR.

The GDPR describes a processing operation as a process or set of processes that is carried out in relation to personal data, using automated procedures or not, to fulfil a single general purpose. For example, collecting, registering, sorting, structuring, saving, updating or changing, requesting, consulting, using, issuing by forwarding, distribution or in any other way making available, aligning or combining, protecting, deleting or destroying data.

The processing operation term does not match the technical reality of existing applications, programs and files.

All applications, programs and files used for HR purposes form part of the HR processing operation. This includes various elements, such as the employee administration, job descriptions, assessments, etc. The Belgian privacy act for the protection of personal data applies to all these elements. The GDPR also applies to the payroll administration.

A processing operation for direct marketing purposes can consist of a program used to collect prospects either through the organisation's own channels or third party channels, to manage, to classify and/or to use the data to send marketing communications.

This GDPR tool was mainly developed for Data controllers to help them prepare for the GDPR. What are the risks linked to processing operations? How can I minimise the risk?

It is a GDPR checklist for the Data controller to determine the framework for his or her work and the guidelines for the Data controller(s).

Every person who processes data is a Data controller. Anyone who supplies IT services, assigns work to employees, has customers and possibly suppliers and keeps accounts. The supplier is the controller in relation to all the above data processing operations.

The GDPR tool does not guarantee compliance if you do not take the necessary measures. The GDPR Compass indicates whether the data processing does or does not comply with the legal framework of the GDPR. The GDPR tool also indicates which measures must be taken.

Determining which technical and organisational measures are appropriate to protect your data is also required for your data protection policy. GDPR legislation applies to the protection of data. The level of protection depends on the risks involved.

The GDPR Compass does not provide information on the risks of a security breach and whether the security breach must be reported or not. This is also covered by the GDPR. Would you like to know more about data leaks? Read our tips on data protection policies.

The results per data processing operation can be printed and archived. You can also save a digital copy.

Once you have answered the questions, the GDPR tool generates a list of issues that need to be changed to comply with GDPR legislation in Belgium.

The saved results can be used to compare with future activities to determine the progress of the implementation of GDPR measures within the organisation.

The GDPR Compass results can be used for accountability purposes to prove compliance to the supervisory authority. These documents combined with all other measures prove what your organisation has done to comply with the Belgian privacy act for the protection of personal data.

The GDPR tool was developed with data processing operations in Belgium in mind.

Even though the GDPR is a European regulation, there are a few differences between the different national rules and regulations.

These differences do not mean you cannot use the GDPR Compass to help with GDPR compliance for processing operations in other countries. The differences are related to a few of the GDPR Compass questions. The GDPR Compass FAQ provide information on these differences.

Our GDPR tool is your guide through the GDPR landscape:

  • Open the email message containing the unique link
  • Log in using your username and password
  • Create a new processing operation
  • Enter data in the Internal Record
  • Answer all yes-or-no questions
  • Download the report
  • Perform the required activities
Please view the demo video here.