The General Data Protection Regulation was designed to give back control of personal data to the individual while defining a clear set of rules on data protection for European Citizens. It’s not just European-based companies that need to take note, all organisations that process personal data of EU citizens must also comply with the regulation.


Data lineage plays a vital role in GDPR by mapping the flow of data within an organisation and allowing for full transparency on how it is used. Solidatus also facilitates awareness of the continued divergence between EU and UK GDPR, helping organisations understand the impact of regulatory change on their organisation’s data privacy and data management compliance. The UK’s departure from the EU and GDPR impacts many former EU regulatory obligations. Managing these divergences efficiently will be essential for businesses transacting with the EU in the future.

GDPR clearly sets out seven key principles: 

  1. Lawfulness, fairness and transparency
  2. Purpose limitation
  3. Data minimisation
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality
  7. Accountability 

Appropriate tooling is required to adhere to and facilitate the effectiveness of the principles to mitigate risk of personal data misuse. A solution that is both strategic and operational is required. A digital operational blueprint that allows an organisation to be truly compliant, while enhancing the business’ use of data to meet its goals.

Solidatus allows organisations to adhere to all seven GDPR principles by providing a tool that can model GDPR data requirements against their data management capabilities and onto their people, processes and data. It provides an end-to-end holistic view of data governance and a more group-wide view of data sharing while remaining compliant.

Solidatus for GDPR

By using Solidatus, an organisation gains invaluable insight into their data landscape. It enables a business to visualise and analyse to better govern what data they hold, who has access to it and for what purpose, how it moves through their systems and how it changes over time.

The Solidatus Data Privacy Module provides:

  • a digitised version of GDPR that enables an organisation to directly link regulatory clauses against their processes, the people that interact with them and the data that is generated and utilised by them;
  • the Solidatus Data Privacy Module also allows organisations to track changes in the regulation over time to automatically assess the impact of regulatory change;
  • enables businesses to create a common taxonomy of several data privacy regulations such as CCPA, PDPALGPD, etc, to allow for simplification of implementation and reuse of regulatory work product. Organisations can additionally compare privacy regulations across several dimensions including scope and jurisdiction.

Company-wide collaboration

Through its collaborative and crowdsourcing model, Solidatus allows for quick and effective enterprise-wide identification of where personal information is held. Working with all teams across the organisation, a clear understanding can be made of exactly where data is and how it’s being used in business and IT processes.

Visualise and map Metadata

Data flow can be clearly mapped out to visualise each contact point, and ownership can then be assigned. Once an organisation has this knowledge they are able to quickly and confidently fulfil a ‘Right to Erasure’ request knowing that they have removed it from every possible place it has been held.

Proactive approach to compliance

Solidatus enables companies to prove to the regulator that they are taking a proactive approach to GDPR by clearly documenting and auditing their data landscape and privacy impact assessment. Solidatus can quickly discover, document and share models, simplifying the process of being compliant.

Demonstrate PIA risk

Solidatus can demonstrate to the regulator how and when Privacy Impact Assessments (PIA) were conducted and prove how information is collected, stored, used, deleted, and who has access to it. It also clearly shows that data privacy is a key consideration for future change.


  • Allows for full auditability and transparency
  • Immediate outcome reports and traceability
  • Ability to assess the impact of future change
  • Provides a ‘real-time’ snapshot of the organisational policies at play historically
  • Integrates with other applications within the organisation and provides reporting and multiple outputs
  • Provides capability to digitise complex policies and map to multiple other organisational processes as well as external influencers
  • User friendly and adaptable interface
  • Requires limited resources to maintain a solution


Simple to use

The intuitive and simple web interface is easy to use and requires little or no training.

Easy access

Solidatus is a browser-based application and it can be up and running in the cloud in minutes.

Rapidly categorise

Import and export data between Solidatus and from other systems using the data connectors.



Immediately start modelling and easily identify where additional discovery is required.

Accelerate discovery

Accelerate discovery by sharing parts of the models to identified system experts to fill in the detail.

Create & share views

Easily share with management and colleagues for immediate feedback and approval.

Solidatus for GDPR Model

Solidatus is used by some of the world’s largest financial institutions

steps identitifed by the ICO to take now


Maximum fine (global revenue)

Companies need a Data Protection Officer

Became law on 25th May 2018

Accelerate your GDPR Compliance

Award-winning Solidatus is empowering enterprises globally to accelerate their understanding and optimisation of their data and organisational processes. The Solidatus methodology for digitally transforming organisations to be data-centric and lineage-enabled is changing how businesses discover, document, map and manage their data.

Solidatus is a member of the EDM Council.

© 2021. Threadneedle Software Holdings Limited trading as Solidatus | Privacy Policy