AnyData Solutions

AnyData GDPR Audit

Powered by the Award Winning AnyData machine learning and AI Platform, AnyData GDPR Audit Solution manages compliance process automation to address the sweeping new EU General Data Protection Regulation (GDPR). Additionally integrate other value-added GDPR services including contract management and compliance tracking to take a huge step towards GDPR compliance.


  • Identify the parties you share data with
  • Collaborate insights with dashboards and scheduled reports
  • Ask any question of the data.
  • Discover, combine, tag, search, analyze, report and manage “personal data”
  • Superfast search, easy visual query and customisable views.
  • Live Dashboards automate reporting and insights.
  • Accessible from any device and secure collaboration.


  • Locate those parties (relative to the EU etc.)
  • Create an ongoing efficient solution
  • Track, report and maximise your defensible compliance positions.


£10000 per instance per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10


AnyData Solutions

Steve Hayward

0203 126 4913

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to AnyData's GDPR Audit solution can run standalone or as a fully integrated solution with other AnyData Solutions including Spend Analytics, Supplier On-Boarding, Contract Management & Compliance and Self-Service BI
Cloud deployment model Hybrid cloud
Service constraints No
System requirements Accessable via any standard web browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our support team will respond to tickets within 24 hours of receipt. Additional SLA's are available on request.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Customers are assigned a customer account manager.
Our service desk personnel are technical engineers equipped to deal with any technical issue.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We can provide onsite training, online training, or user documentation.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction We provide an off-boarding process to provision complete copies of the customers data, normally in SQL backup format but other formats can be agreed.
End-of-contract process Within 14 days of termination we will provide the customer with and encrypted copy of their data in SQL format (other formats are available at additional costs). Any additional works required, e.g. extract of documents from data, querying or additional extracts of specific data are additionally charged based on requirements. Once data has been successfully transferred, AnyData Solutions will destroy any data still within its possession.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Our applications are fully responsive.
Accessibility standards None or don’t know
Description of accessibility Uses can customise colours and fonts from within their own user settings.
Accessibility testing None
What users can and can't do using the API We offer many API's for our products, most are SOAP/XML calls to web services. Custom API's can be designed on demand.
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available Yes
Description of customisation Any user with sufficient permissions can alter the appearance (font/colours etc.) under their user settings.

Users can create their own views, dashboards and views.

Our products are all built using our visual development framework, depending on the complexity custom requirements can be delivered within hours.


Independence of resources We operate an elastic hosted environment with 24/7 monitoring which allows instant ballooning of resources and real-time metrics for accurate requirement provisioning.


Service usage metrics Yes
Metrics types Our applications have full audit trail of all changes made within the system. User activity can be view in built in real-time dashboards.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can export data at any time subject to permissions.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • Xml
  • PNG
  • TIFF
  • JPG
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • ODBC Database Providers

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability 99.5% during core working hours.
Approach to resilience We operate our systems under no single point of failure. Additionally, we operate warm DR systems in a separate data-centre meaning we are capable of bringing live systems back online within 5 hours.
Outage reporting AnyData's support team will notify any customers affected should an outage occur to the customers nominated representatives.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Support channels can only be used by recognised and registered personnel. Management interfaces and access to them are fully controlled by the customer who can assign roles and responsibilities as required.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Security governance forms part of our ISO quality management system, all staff members must sign to state they have read and understood and this to be repeated no less than annually.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All our source code is tracked using Team Foundation Services which logs all changes made and impacts. All changes made to our hosted environments follow a full an automated change control process both are audited in accordance with ISO27001.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We use various sources to recognise potential threats, we also scan our environments for known threats on a weekly basis. Additionally, any code fix issues can be patched and deployed within 24 hours depending on the severity of the issue.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Through our ISO requirements we have specific processes and procedures in place to actively monitor (through both our own technologies and those used by our Service Provider) and react to any potential compromises. Normally we would inform any customers affected as soon as possible.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Our incident management process is audited in accordance with ISO, the exact process would differ based on the type and severity of incident and whether forensic analysis or legal conformance is required.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £10000 per instance per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Full 30 day trial


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑