Privacy & Data Protection

For most organisations, yes. Fig provides ROPA, DPIA, DSAR, consent management, breach notification, and Privacy by Design in one platform connected to your compliance engine. Organisations with very complex cookie consent or vendor management requirements may use both.

When an incident involves personal data, Fig automatically calculates the GDPR 72-hour notification deadline, links to the affected processing activity in the ROPA, identifies impacted data subjects from the consent register, and pre-populates the regulatory notification template.

Yes. Subject access requests are tracked from intake through to response with statutory deadline monitoring. Response workflows include data gathering, review, redaction, and delivery with full audit trails.

Changes flagged as affecting personal data processing automatically trigger a DPIA within the change workflow. Privacy assessments are completed before the change is approved, ensuring compliance is built in from the start.

Yes. Fig supports both UK GDPR and EU GDPR requirements, including the differences in supervisory authority notification, data transfer mechanisms, and lawful basis documentation.