Readmodel® GDPR · NIS2 · EU AI Act

An up-to-date Record of Processing Activities, ready for tomorrow's audit.

The GDPR requires a Record of Processing Activities (Art. 30). NIS2 has been in force in the Netherlands since 2024. The EU AI Act phases in from August 2026. Readmodel® inventories every service, scores your risk against GDPR, NIS2 and the AI Act, and produces a regulator-ready ROPA — so when a customer requests a DPA, an auditor asks for documentation, or the regulator asks a question, you have the answer ready.

Create Free Account Sign In

Or have us do it for you →

Built-in ROPA tool Data loss prevention insight Device & access assessment 200+ service templates GDPR, NIS2 & EU AI Act EDPB-aligned DPIA template Cookie/tracker inventory built-in

Why act now

Three reasons SMEs in the Netherlands start documenting today

01

Regulation is moving

A processing register is mandatory under GDPR Art. 30. NIS2 entered force in the Netherlands in October 2024. The EU AI Act phases in from August 2026 and August 2027. Starting now avoids a deadline sprint.

02

Customers ask for proof

A DPA, a sub-processor list, an up-to-date processing register — increasingly required for B2B growth, tenders, and audits by larger clients. When this is in order, sales close faster.

03

Tight reporting windows

A breach must be reported in 72 hours (GDPR Art. 33); a DSAR answered within 30 days (Art. 12). Without a current register, those windows are tight. GDPR fines can reach €20M or 4% of global turnover.

Start free → Or have us do it for you →

How it works

From zero to full visibility in five steps

Map your data landscape step by step. Readmodel® turns your documentation into actionable risk insights — and compliance-ready exports come free.

1

Add your services

List the tools and platforms your organisation uses — pick from 200+ pre-configured templates or add your own.

2

Map users & devices

Document who accesses what, and from which devices. Assess device security: encryption, MDM, remote wipe.

3

Document data flows

Add data items, transfers between services, and backup configurations. Classify sensitivity and set retention.

4

Review your risks

The risk register scores every service and flags gaps: missing backups, unmanaged devices, vendor lock-in, overdue reviews.

5

Get AI insights & export

Generate an AI-powered analysis report. Export ROPA, risk register, and compliance documentation — all print-ready.

The data model

Four layers, fully connected

Readmodel® maps the full chain: devices, users, services, and data items — connected by access, processing, and transfer relationships.

Devices Laptops, phones
& workstations
Data Users Roles & people
who access services
Data Services Systems & apps
that process data
Data Items Personal data categories
with classification & retention
Service → Service = data transfer
Device → User = device assignment User → Service = access assignment Service → Item = data processing Service → Service = data transfer

Features

Everything you need to understand your data risk

Map, assess, and document — all in one place, per project, with no external tools required.

Visibility & documentation

Interactive Data Flow Graph

Your entire data landscape as a live, draggable graph — devices, users, services, and data items. Filter, zoom, and save your layout.

ROPA Tool & Compliance Exports

Generate ROPA (Record of Processing Activities), risk register, and full project exports — formatted for print, audit, or stakeholder review.

GDPR Art. 30

Printable Report

A structured summary with risk scores, device security, backup compliance, DPIA status, and access review results — ready for management review.

AI-Powered Analysis

A self-hosted AI model — running on LOCAVERDI B.V. infrastructure, so your data never leaves it and is never used for training — analyses your complete data landscape: services, risks, devices, backups, vendor lock-in. It writes a professional report you can share.

Data governance

Legal Basis Tracking

Document why you process each data item. Pre-seeded GDPR Art. 6 legal bases included. Missing legal bases raise the risk score automatically.

GDPR Art. 6

Retention & Deletion

Record how long each data item is kept. 19 pre-defined retention periods across four categories. Know when data should be deleted.

Data lifecycle

Sensitivity Classification

Tag data items with colour-coded sensitivity levels. Special Category and restricted data scores higher risk automatically.

Authentication Tracking

Document how each service controls access — SSO, MFA, API key, passkey. Services without authentication are flagged as a risk.

Risk & security assessment

Automated Risk Scoring

Every service gets a risk score based on data sensitivity, authentication, transfers, backups, and device security. No manual assessment needed.

5 levels: None → Critical

Risk Register

All services ranked by risk with specific action items: missing backups, unmanaged devices, vendor lock-in, undocumented data, overdue access reviews.

DPIA tracking

Transfer & Backup Tracking

Document data flows, backup transfers (with media type, offsite, immutable, encrypted flags), and verify compliance against your backup strategy.

Data Sovereignty

Track where data is processed by country, assess vendor lock-in and exportability, and document transfer safeguards for Schrems II compliance.

User Compliance Scoring

Each data user gets a 0-100 compliance score across five categories: access documentation, device security, authentication strength, access reviews, and data sensitivity handling.

Breach Notification Register

Log data breaches, track the 72-hour DPA notification deadline, and document remediation — all required by GDPR Art. 33-34.

GDPR Art. 33–34

DSAR Tracking

Log data subject requests, track the 30-day response deadline, and document identity verification and responses — GDPR Art. 15-22.

GDPR Art. 15–22

DPIA & FRIA editor

Document high-risk processing against the EDPB template — six sections, measures, inherent and residual risks, mitigation actions — and export a print-ready PDF or JSON.

GDPR Art. 35 · EDPB template v1.0

Cookie & tracker inventory

Map every cookie, pixel, SDK and localStorage key to a service. Generate a ready-to-paste cookie policy and flag non-essential trackers without documented consent.

ePrivacy Art. 5(3)

Backup profiles per data type

Match backup cadence and retention to the data class. Health records demand hourly backups with PITR; audit logs run weekly. Each classification picks one profile, every service inherits it, and the risk register shows the gap.

GDPR Art. 32

Access & device security

Access Reviews

Periodic campaigns that certify or revoke every access assignment. Revoked access is removed automatically. A complete audit trail of review decisions.

Least-privilege enforcement

Device Security Assessment

Document device groups, assess encryption, MDM, remote wipe, and VPN requirements. The risk register flags BYOD devices accessing sensitive data without controls.

Vendor Lock-in Assessment

Rate each service's lock-in risk and data exportability. Document exit strategies. Pre-populated assessments for 50+ services from the template library.

Productivity

Template Library

200+ pre-configured services with login types, data items, vendor lock-in ratings, and exit strategies. Load your entire IT landscape in minutes.

Project Copy & Audit Trail

Deep-copy any project for annual reviews or new business units. Every change is logged with user, timestamp, and IP address.

Track Your Progress

Save baselines and see how your risk posture improves over time. Prove the value of your documentation effort with concrete metrics.

Built-in Guidance

Contextual help icons on every page. Comprehensive documentation covering data mapping, risk scoring, backup strategies, device security, and vendor lock-in assessment.

See your risks
before they become incidents

Readmodel® computes a risk score for every service based on data sensitivity, authentication controls, backup coverage, device security, and vendor dependencies. The risk register shows exactly what to fix — and your score improves as you close gaps.

High-risk services are flagged for DPIA review. Document your assessment directly in the risk register.

Try it free
Critical
Score ≥ 10 · DPIA required
High
Score 7–9 · Review urgently
Medium
Score 4–6 · Gaps present
Low
Score 1–3 · Well documented
None
Score 0 · No personal data or fully documented public data

What you get

Concrete documents, ready when you need them

Every Readmodel® plan produces the same audit-ready outputs. The free Explore plan gives you the full deliverable set for one project.

Record of Processing Activities

GDPR Art. 30 register, print-formatted, ready to share with auditors, your DPO, or a customer requesting a DPA.

Risk register

Per-service computed risk scores with action items, overdue items flagged, and a one-page executive summary.

DPIA & FRIA documents

EDPB-aligned Data Protection Impact Assessment and Fundamental Rights Impact Assessment exports for high-risk processing and AI systems.

Document library

Per-service uploads (DPAs, SLAs, contracts, AI conformity). AI-summarised so they feed into your AI reports automatically.

Pricing

Simple, transparent pricing

Start for free. Upgrade when you need more projects or AI reports.

Explore
Free

Try Readmodel® with full functionality. No credit card required.

  • 1 project, 5 services
  • Full data mapping & risk scoring
  • Risk register & ROPA export
  • CSV & JSON data export
  • Interactive data flow graph
  • User compliance scoring
  • Watermark on printed reports
Get started
Save 20%
Grow
€99 / month

For small businesses mapping their data landscape.

  • Everything in Explore, plus:
  • 3 projects, 20 services each
  • 10 AI reports / month
  • No watermark on reports
  • Email support
Get started
Most popular
Team
€249 / month

For teams managing multiple scopes with collaboration.

  • Everything in Grow, plus:
  • 10 projects, unlimited services
  • 5 team members with project sharing
  • 50 AI reports / month
  • Audit log
  • Email support
  • Document storage (DPA, SLA, contracts)
Get started
Enterprise
€499 / month

For organisations needing scale and advanced governance.

  • Everything in Team, plus:
  • 50 projects, 25 team members
  • 200 AI reports / month
  • API access
  • Priority email support
  • Document storage (DPA, SLA, contracts)
Get started

Need more? We offer custom enterprise setups — unlimited accounts, your own admin access, a dedicated isolated server, and tailored configurations. Contact us to discuss your requirements.

Our mission

Why we built Readmodel®

Your digital infrastructure is the backbone of your business. Every service, every data flow, every access point matters. We built Readmodel® to help organisations become more digitally reliable and resilient — not just compliant on paper, but genuinely in control of their data landscape.

Readmodel® maps what you have, scores where the risks are, and tracks your progress as you improve. Because protecting your business and your clients starts with knowing what you have.

Start mapping your data risk today

Create a free account, load 200+ service templates, and see your first risk assessment in under an hour.

Create Free Account

Not in the EU?

Readmodel® is currently available for EU businesses only. Join our waiting list and we will notify you when we expand to your region.

Join waiting list

Stay informed

Subscribe to our newsletter for updates on data risk management, GDPR compliance, and product news from Readmodel®.

Subscribe to newsletter