Product · GDPR
GDPR done right. From an EU team.
The non-negotiable for any deal involving EU residents' data. Veylan generates your Record of Processing Activities, runs DPIAs, maintains your sub-processor register, and gives you breach playbooks — all from the systems you actually run.
What you ship.
Record of Processing Activities (ROPA)
Auto-built from your stack inventory. Article 30 compliant, exportable as PDF or XLSX.
DPIA workflow
Veylan walks you through each new high-risk processing activity and produces the DPIA document.
Sub-processor register
Public, versioned, auto-updated when you add a vendor. Notify customers automatically.
Data subject request (DSR) handling
Intake form, identity verification flow, fulfilment workflow, audit log.
Breach playbook
72-hour notification clock, supervisory authority contact list, comms templates ready to go.
Cross-border transfer assessments
SCCs, transfer impact assessments, and an honest map of where your data actually flows.
Common questions.
- Are you a Data Protection Officer service?
- No — Veylan is software, not a DPO. We give your DPO (in-house or fractional) the artifacts they need to do their job in hours instead of weeks.
- Does Veylan itself sign a DPA with us?
- Yes. Standard GDPR-compliant DPA at sign-up, SCCs included where applicable.
- Do you support Schrems II / TIA requirements?
- Yes. Transfer Impact Assessments are baked into the cross-border transfer workflow.
- Where is your data stored?
- EU region of Supabase (Frankfurt). Veylan is incorporated in Germany.