New California's Consumer Privacy Act (CCPA) enforceable from January 1st. Find out how to comply ->
Iubenda Internal Privacy Management
The solution to easily document all the data processing activity within your organization
for GDPR
Create your record of processing activity: add processing activities from 700+ pre-made options, divide them by area, assign processors and members, document legal bases and other GDPR-required records.
Not sure what you need? Getting started guide
The requirements
In order to comply with privacy laws, especially the GDPR, companies need to keep a record of how they store and use the data they collect from users. In particular, they must document in writing:
Security measures
Legal basis for processing
Data transfer outside of the EU, if any
The parties that you share the data with, both inside and outside of your organization
How it works
1. Define areas
Areas are perimeters within which data processing activities are homogeneous. Examples of areas are your website, mobile app, physical stores, employees, recruiting, manufacturing facility etc.
2. Add processing activities to each area
For each area, you can add processing activities out of a list of 700+ pre-made ones. For instance, you'll add “Payroll processing” to your “employees” area, or “Google Analytics” to your “website” area.
3. Add details about each processing activities
For each processing activity, add your data retention policy, security measures, legal basis for processing etc.
Features and benefits
-
Easily compile your record of data processing activity
Easily make your organization GDPR compliant
Add areas to granularly describe your processing activity
Seamlessly integrated with all the iubenda compliance solutions
Easy to use and comes with 700+ pre-made processing activities you can add to your areas
Manage multiple projects with a single account
Describe the details of your data processing activity
Define security measures for each data processing activity
Define retention policy for each data processing activity
Define all the GDPR data processing details
Assign members to areas and to processing activities
Define roles for each member (Controller, Processor, member of the controller's organization, subject)
Coming
Create and export reports
Coming
Automated Data Protection Impact Assessment (DPIA)
Coming
Generate and manage data processing agreements with processors, employees and members in general
Coming
Generate and manage internal privacy documentationTrusted by over 60,000 clients in 100+ countries
![Capterra rating]()
Best reviewed GDPR Compliance Solution on Capterra with 5 stars
“If you, like me, are part of a smart team and hate updating your privacy policy every time you add some code to your site, then iubenda is for you. It's ridiculously affordable, and super easy to use.”
FAQ
Is the IPM Tool only for companies trying to comply with the GDPR?
Even though the GDPR is a common reason to put more effort into internal privacy management, our tool is not exclusively made for application under the GDPR. It can also be used for internal privacy management in general, even by companies who do not have any users/customers within the EU.
How does the Internal Privacy Management tool work?
The IPM tool makes the complex task of managing internal privacy a simple and straightforward one. The tool lets you define specific ares of data processing, add processing activities and members involved in the processing to each area and also lets you add all necessary details related to the processing activities. This makes it simple for you to comply with requirements (including but not limited to the GDPR), and track and manage the data you collect, the purposes for collection, all parties involved, company details — including data of employees — and more.
Not sure what you need?
Read our Getting Started Guide
Chat with us live or contact support
Or join us at our next webinar to get an overview of the legal requirements and ask live questions
Part of a 360° compliance solution
A complete set of solutions to make your website or app compliant with the law, across multiple languages and legislations
Privacy and Cookie Policy Generator
Create your privacy and cookie policy in minutes.
Explore
Customizable from 700+ clauses, available in 8 languages and automatically updated if the law changes, our generator allows you to create a legal document in minutes and seamlessly integrate it with your website or app.
Cookie Solution
Manage consent preferences for the ePrivacy, GDPR, and CCPA. Integrated with the IAB TCF and US Privacy Framework.
Explore
Our solution allows you to display a fully customizable cookie banner, collect cookie consent, implement prior blocking, set advertising preferences, collect explicit consent to Google personalized ads and more.
Terms and Conditions Generator
Create your terms and conditions in minutes.
Explore
Customizable from hundreds of combinations, available in 8 languages, powerful and precise — our solution is capable of handling even the most complex, individual scenarios. Optimized for e-commerce, marketplace, SaaS, apps and more.
Consent Solution
Collect GDPR consent, document opt-ins and CCPA opt-outs via your web forms.
Explore
Our solution smoothly integrates with your consent collection forms, syncs with your legal documents and includes a user-friendly dashboard for reviewing consent records of your activities.
Internal Privacy Management
Document all the data processing activity within your organization.
Explore
To comply with privacy laws, and particularly the GDPR, companies need to record how they store and use the data they collect from their users. Our solution allows you to easily document all the data processing activities within your organization.
Enterprise
Hundreds of enterprises rely on iubenda for their online compliance throughout multiple properties and legislations.
Looking for custom documents?
Our international network of lawyers can provide you with tailored documents and a full compliance review.
Become a Certified Partner
iubenda's Partner Program is designed for agencies and web professionals seeking to expand their expertise and assist their clients in making their websites, apps and data processing activities compliant with the law.
