The Flowz approach

Flowz is a SaaS (Software as a Service) business, which provides a solution to record the information flowing around an organisation. The software provides a risk score against the information and flows within the organisation, assisting in the compliance of the new GDPR law.

Product Features

Many of the GDPR articles can be mapped together to give a logical and simple 5-step approach to on-going GDPR compliance (click here for more information). This all starts with knowing what data you hold, about who, for what purpose and the lawful basis. For this reason, much of the initial effort towards GDPR compliance by organisations is first data flow mapping, followed by implementation of systems and processes to capture new processing activities from creation and engage management control for the life of that processing activity. This all comes together in a rich Record of Processing Activity.

Flowz takes the minimum information required for a Record of Processing (GDPR article 30/recital 82), and allows users to add attributes to the data collection templates to enable them to collect data and report on any aspect of their data processing – although it isn’t necessarily only personal data which can be mapped and reported in Flowz, as many customers are using Flowz for other purposes, including corporate data (FoIA) and contract management.

Flowz adds the facility to give attributes risk indicator values so that information risk can be reported against proportional mitigating controls to meet the conditions for appropriate Security of Processing (GDPR article 32/recital 83) and give overall risk indicator values to processing activities for effective DPO monitoring and reporting (GDPR article 39).

Some of the unique benefits that Flowz offers come from overlaying the ISO27005 (Information Security Risk Management Standard) approach and definition of Primary Assets. This enables Flowz to report on the different lawful basis (GDPR article 6) for processing of data at rest (Information Assets) and transactional data (Data Flows) and the varying risk of each.

Flowz then introduces a variety of enhanced functions to provide a firm foundation for compliance assurance, including:

  • Evaluation of data processing contracts against (GDPR article 28)
  • Public interest test evidence (GDPR article 6(e))
  • Legitimate interests of the data controller test (GDPR article 6(f))
  • Assessment of breach reporting requirements (GDPR article 33)

Finally, Flowz messaging and workflow automation makes the whole arrangement easy to manage and deploy, for maximum assurance and management control.

The benefits of using Flowz


Supports or delivers GDPR information asset requirements such as

  • Data Flow Mapping
  • Information Asset Risk Register
  • Identifying where contracts and sharing agreements are required
  • Identifying flows outside the UK
  • Identifying flows which should be pseudonymised
  • A valid and up to date risk assessment programme for all Information Assets and flows
  • Anti-virus, access control and Business Criticality for Business Continuity
  • Network security and mobile and remote working security

Significantly reduces the risk of fines


Reduces the on-going cost of managing information flows and assets through a simple browser-based interface


Supports GDPR information audit requirements such as

  • Confidentiality audit
  • Multi-professional records and availability audit
  • Internal and external coding audit
  • Coding audit programme
  • Completeness and validity audit
  • Information lifecycle audit

Assists with ISO27000 standards compliance


Helps to identify those information assets you didn’t know you had


Ensures information flow mapping becomes a valuable resource rather than a costly annual exercise

Professional Services


Personalised Configuration

Flowz is configured for all small to medium sized companies who purchase the Essentials, Business and Premium Business packages on our website. We offer custom configuration for all enterprise packages, where our dedicated team personalise the system, specific to your organisation.’ To ‘While we offer an out of the box system, we offer services to conjure Flowz to your exact requirements, quickly and easily.


While the Flowz system is intuitive and easy to use, many customers prefer to have training from the system author.  Dependent on your approach to training, we are able to provide End User and also Train the Trainer training, either on-site or via WebEx.   Be sure to discuss your training requirements with us, so we can design the best solution for you.

Data Import

Do you have any existing data that you think can be used in your Flowz system?  Our technical team may be able to import this data for you, to save you time in getting Flowz up and running. We will review a sample of the data to see if it can be used and the best way to use it in Flowz, then provide you with an estimate of the associated costs and timeline, to help you get up and running as quickly as possible.

Single Sign On

Through the use of open industry standards and specifications such as SAML 2.0, Flowz can leverage customers’ existing Single Sign-on solutions to manage access to our application. Support includes SAML 2.0-compliant Federated SSO solutions such as Microsoft Active Directory Federation Services (ADFS) and Shibboleth.

Deployment Support

Getting started with Flowz is just a click away. Our team consists of experienced project managers who can guide you every step of the way. We take pride in the work we deliver for our customers and we have a dedicated team of people that will help you manage your organisation, teams, managers and risk owners ensuring everyone knows what needs to be done to comply with the GDPR.

GDPR Support pack

Our GDPR Support Pack combines mandatory and useful GDPR policies, procedures, checklists and templates, with supporting documents for complaint handling, risk management, audits and monitoring, information security and more.
Creating an asset
Creating a flow