GDPR compliance, without the headache

Yes. GDPR applies to every business in the EU that handles personal data — even a contact form on your website counts. The regulator can fine SMEs up to €20 million or 4% of annual turnover, whichever is higher. The good news: small businesses don't need to do as much as a multinational, but they do need the basics covered.

Free generators give you one document — usually a template that's not specific to your business and never updated. GDPRFolder generates a complete compliance package (privacy policy, ROPA, vendor agreements, breach procedures, and more), tailors everything to your actual business through the wizard, hosts your documents on a live URL so updates are automatic, and gives you a dashboard to prove your compliance. It's the difference between a one-time PDF and a living compliance system.

A lawyer typically charges €5,000 for the initial setup, takes weeks of back-and-forth, and gives you static documents that go out of date the moment your business changes. GDPRFolder is €490/year, gets you compliant in 30 minutes, and keeps everything up-to-date automatically. For SMEs without sensitive data, a lawyer is overkill. (For complex situations — health-tech, fintech, large international transfers — we recommend pairing GDPRFolder with occasional legal review.)

Yes. Templates are reviewed by certified legal DPOs and built on the GDPR's actual requirements. They're updated within 30 days of any regulatory change. The platform is designed by Jacques Folon — 20+ years in data protection, founder of Belgium's longest-running DPO training programme, and member of the European Data Protection Board's Support Pool of Experts.

We cover GDPR across all EU and EEA countries. If your business is based in the EU or serves EU customers, GDPRFolder works for you.

No. GDPRFolder is built for living compliance. When your business evolves — you add a new tool, hire your first employee, expand to a new country — you go back into the wizard, update the relevant section, and the platform automatically refreshes your documents and dashboard. Compliance stays current without you starting over.

Your subscription renews and you keep everything: hosted documents, automatic updates, dashboard access, support, and the public Compliance Badge. If you cancel, your hosted URLs stop working and your documents are no longer maintained.

Yes. The platform generates an audit-ready evidence pack (your full compliance file plus all uploaded documents) as a single ZIP. You can also create a read-only Auditor Access link that lets a regulator, lawyer, or DPO review everything without needing an account.

It's a verified badge — Bronze, Silver, or Gold — you can display on your website to show customers you take privacy seriously. Anyone clicking it lands on your live verification page, which always reflects your current compliance status. It's one of the strongest trust signals you can put on your site, and it's included in your subscription.

GDPRFolder supports the most demanding compliance needs through the Peace-of-Mind level, which includes Data Protection Impact Assessments (DPIAs), Transfer Impact Assessments, and advanced sub-processor due diligence. For those sectors, we recommend either the Compliance Concierge service or pairing the subscription with periodic legal review.

With the subscription (€490/year), you do the wizard yourself — about 30 minutes. With the Full Setup Service by an Expert (€1,500 one-time, includes one year of subscription), our experts do it with you across three sessions: we gather your documents, complete the wizard for you, and deliver your full compliance package ready to use. Same end result, two ways to get there.

Yes — we'd be in a difficult position otherwise. All data is encrypted at rest and in transit, hosted in EU data centres, with role-based access controls, audit logs, and regular security reviews. You can request our security and processor information directly from the dashboard.