Whisperly Platform Functionalities
An overview of all functionalities available to the Customer through the Whisperly Platform.
1. My Activities
My Activities feature serves as the Customer’s personal task management dashboard on the Whisperly Platform. It provides a clear overview of all outstanding tasks in a dedicated to-do list, and tracks completed tasks in a done list.
This functionality also includes an integrated notification feed that alerts the Customer to new assignments, upcoming deadlines and other relevant updates.
Through the My Activities functionality, Customers can efficiently manage and prioritize their compliance-related responsibilities in one place.
2. Data Privacy Flow
Records of Processing Activities (RoPA)
Whisperly Platform offers an integrated suite of functionalities for managing Records of Processing Activities (RoPA) in accordance with Article 30 of the GDPR.
This section is designed to assist organizations in fully documenting the lifecycle of each processing activity, from role qualification to risk assessment and retention. It is structured to enable even non-lawyers to document processes accurately and support the privacy department in maintaining the documentation process.
The Whisperly Platform guides Customers through three interrelated functionalities:
RoPA Role Identification
where the Customer, through an intuitive chart, determines its legal role (controller or processor) for the processing activity;
RoPA Controllers
where Customers document the processing activities carried out when acting as a data controller;
RoPA Processors
where Customers record relevant information when they operate in the capacity of a processor.
Each of these functionalities provides a structured workflow that combines guided input forms, modular navigation, and role assignment options, enabling Customers to easily enter, organize, and maintain the required documentation in a consistent and traceable manner.
RoPA Role identification is the first step in documenting a processing activity within the Platform. Through a chart-based interface, Customers determine whether they act as a controller or processor. This classification defines the legal basis on which the processing is documented and determines whether the controller or processor form is to be completed.
RoPA Controllers enable Customers to comprehensively document all relevant aspects of processing activities for which they act as a data controller. The module is structured as a guided workflow divided into intuitive steps, allowing Customers to enter key information such as the general purpose of processing, categories of personal data involved, relevant recipients, applicable retention periods, and associated risks. The interface also supports role assignments, due dates, and organizational labels, facilitating collaboration and enhancing internal accountability. By breaking down the documentation process into logical sections, the ROPA for Controllers functionality enables the creation of consistent, structured, and compliant controller records across the Customer’s organization.
RoPA Processors enables Customers to document processing activities in which they act as a data processor on behalf of another controller. The workflow is structured to capture all relevant information required under data protection law, including the identity of the controller, categories of personal data processed, processing purposes, and safeguards implemented. This functionality provides a structured workflow for documenting the required information from the processor’s perspective, ensuring that the Customer maintains compliant records of such activities in accordance with applicable data protection obligations.
Other Privacy Flow Functionalities
Library serves as a centralized space for uploading and managing internal documentation. Customers can store and access files relevant to data protection operations, including policies, templates, agreements, and others. Documents are listed with file details and upload metadata, ensuring traceability and version control. This centralized repository supports consistent document management across the Customer’s organization and facilitates quick access during internal reviews or external audits.
Data Hub serves as a centralized glossary for maintaining standardized terms used throughout the Platform. Customers can define and manage structured entries, such as categories of processing, legal basis, contract types, protection objectives, etc., which are then available for tagging and reuse across other functionalities. Each entry can be described and updated directly within the interface, ensuring consistency in terminology and eliminating the need for repetitive manual input. By harmonizing the definitions and reuse of core privacy elements, the Data Hub feature helps Customers maintain uniformity across records and reduces manual effort when completing documentation elsewhere within the Platform.
DPIA functionality allows Customers to create and manage impact assessments in a centralized location. Each assessment is listed with its status and creation date, enabling Customers to easily track ongoing assessments. This functionality is integrated with RoPA functionality, supporting Customers in organizing and documenting high-risk processing activities consistently.
External Recipients functionality allows Customers to maintain a structured register of third parties that receive personal data. For each recipient, Customers can enter key details such as contact information, contract terms, data processing locations, and sub-processors related information.
The functionality also supports documentation of the legal and compliance framework, including the type of contract, server location, and relevant approvals. Recipients can be linked to specific products and controller-side processing activities, providing a clear overview of how and where personal data is shared outside the organization.
This centralized register helps Customers manage external relationships and demonstrate compliance with data transfer and processor oversight obligations.
The Vendor Assessment functionality allows Customers to create customized questionnaires and either send them to vendors or complete them internally. Based on the responses, Customers can assess whether a vendor meets data protection requirements.
All completed assessments are centrally stored and linked to the vendor’s profile, providing Customers with a clear and structured overview of vendor compliance status.
Through the Whisperly Platform, Reports provides an at-a-glance overview of the organization’s data privacy status. A centralized dashboard summarizes the progress of core compliance areas such as RoPA records, impact assessments, and external recipients. Visual indicators show the status of each item, including entries in draft, under review, or approved, helping Customers quickly identify priorities and maintain oversight of ongoing compliance efforts.
Deletion Concept functionality displays scheduled deletion dates based on the retention periods defined in the RoPA. Customers can view when specific data sets are due for deletion and receive notifications accordingly. This enables teams to stay informed and take timely action, ensuring that personal data is not retained longer than necessary.
Within the Platform, Customers benefit from a structured process for managing data subject requests in accordance with applicable data protection laws. A customizable web form can be integrated into the Customer’s website, enabling individuals to submit inquiries at any time.
All requests are automatically captured and stored in the Whisperly database, assigned to the appropriate team, and monitored through a centralized workflow. Each step is securely documented, and all relevant deadlines are tracked. This functionality ensures consistent, transparent, and compliant handling of data subject requests.
With Data Breach, Customers can document and manage personal data breaches in a structured and traceable manner. Customers can record all relevant details of a breach, including the nature of the incident, affected data, and timeline of discovery. Each case can be tracked through its resolution, with responsibilities clearly assigned and deadlines monitored. This ensures that incidents are handled consistently and that all required documentation is available for internal reporting and, where necessary, notification to supervisory authorities.
Knowledge Center serves as a built-in resource hub designed to support Customers in their daily privacy compliance work. It is divided into three components: Trainings, Q&A, and Templates.
- Trainings: This component offers interactive learning materials on key data protection topics. Customers can complete self-paced courses, such as introductions to GDPR or guidance on handling personal data. Training content is designed to be practical and accessible, helping Customers build a solid foundation in data privacy compliance.
- Q&A: This component provides a curated collection of frequently asked questions regarding the Platform. Customers can search for answers to practical questions, such as how to document a processing activity or respond to a data subject request, without needing to contact support. This ensures that guidance is readily available and that Customers can resolve routine issues efficiently and independently.
- Templates: This component offers a library of pre-built document templates for various privacy compliance needs, such as privacy policies, records of processing, consent forms, and more. The templates are created by legal and compliance professionals to reflect the industry’s best practices and regulatory requirements, which the Customer can adopt or adapt to their own use (Note: The Templates functionality is available as an optional add-on functionality that requires a separate purchase).
Whisperly’s Risk Management module enables organizations to systematically identify, evaluate, and monitor data protection risks across all processing activities. Risk levels are calculated based on customizable criteria, helping privacy teams prioritize mitigation efforts. By integrating directly with RoPA, DPIAs, and TOMs, the module ensures that risk assessments are always contextual, up-to-date, and actionable—laying the foundation for truly risk-based privacy compliance.
With Whisperly, managing Technical and Organizational Measures (TOMs) becomes seamless and structured. Users can document implemented controls, categorize them by legal requirement or security domain, and link them to specific processing activities. TOMs can be reused across records and assessments, ensuring consistency and reducing administrative effort. This provides a clear, auditable view of the safeguards in place—supporting accountability and readiness for regulatory review.
3. Settings
Settings provides a central space for managing how Whisperly is structured and used, both at the organizational level and by individuals.
It brings together essential controls that support day-to-day privacy operations and platform personalization. This includes:
Whisperly provides flexible organization management tailored to the structure of each company, whether at the overall company level or at the level of individual organizational units. Administrators can create and edit units to reflect internal hierarchies and maintain an up-to-date representation of the company’s structure. This setup supports clearer process segmentation and ensures that documentation is accurately aligned with the relevant parts of the organization.
The interface language in Whisperly is fixed to English. All menus, forms, and help content are displayed in English by default. This setting is hardcoded on the front end and cannot be modified by Customers, ensuring a consistent language experience across the Whisperly Platform.
This section enables administrators to add, edit, and manage Whisperly users across all organizational units. User roles such as Administrator, Data Protection Officer, Basic User (Read Only) are predefined and govern the level of access each user has to functionalities. New users can be created manually by filling out their details and assigning them to specific organizational units during setup. This centralized user management ensures secure access, accountability, and a clear overview of team roles in privacy compliance workflows.
Within the Platform, the Customer and each individual within the Customer’s organization have access to a personal profile page where they can easily review and update their information.
Ready to get started? Let's schedule a call
Start your journey to effortless compliance today