Setting a new standard for GDPR auditing

Privacy, compliance, and audit teams require real-time visibility into all third-party access to their information assets to adhere to GDPR guidelines effectively. I was a part of the team who designed and developed this in 2024.

At ComplyCloud, I managed the design team’s daily operations, which involved creating career development plans, fostering team growth, and establishing a product design playbook that defined our workflows and tools.

 

In addition to this role, I also served as an embedded designer within a product team, focusing on delivering new features and enhancements for users

To address this need, we developed a fully guided vendor audit flow at ComplyCloud. As the lead designer on the product team, I was responsible for conceptualizing, designing, and implementing this solution, focusing on customer and user experience.

 

Currently, most compliance professionals rely on spreadsheets and control lists for conducting audits. However, this process can quickly become overwhelming, with an average of over 30 vendors to manage.

 

Additionally, these tools offer limited automation capabilities, requiring auditors to handle numerous manua

Our solution provides a user-guided experience that automates many manual tasks typically associated with compliance. This not only saves time but also ensures accuracy, relieving the burden of manual updates and interactions.

 

The system tracks and documents changes throughout the audit process, allowing companies to record their compliance activities comprehensively.

 

Users can follow the guidelines from Datatilsynet directly within our app, ensuring alignment with the highest standards. This alignment with GDPR guidelines provides a sense of security and trust in the solution.

 

We simplified information collection from vendors by automating surveys, emails, and document gathering where teams need it most. By leveraging existing documents and vendor knowledge, we gave users a head start on audit preparation. Additionally, we facilitated the creation of final audit reports by suggesting content based on the gathered materials.

 

We initially launched a basic version of this solution to a select group of customers, collecting feedback through interviews and analytics.

 

This iterative development process, which values and incorporates user feedback, ensures that the product meets the needs of all users before rolling it out to all users.

ComplyCloud believes that compliance should be straightforward, transparent, and automated. We accomplished this through an all-in-one platform for data protection and IT security compliance, integrating legal and IT expertise with software to automate compliance management and deliver the necessary documentation for businesses.