Run the programme.
Not the spreadsheet.
The Article 30 register lives in Excel. DSARs come through a shared inbox. DPIAs are emailed around as Word documents. Ghost is the workspace where the inventory, the requests, the assessments, and the evidence all live together — and reference each other.
EU-hosted · Append-only audit log · Built around Article 5(2) accountability.

The DPO operating loop
Inventory. Operate. Evidence. Defend.
Spreadsheet, shared inbox, Word documents, and a drive folder is a stack you can keep alive. It's not a stack you can defend. The programme needs one record that everything else references — and an audit log that writes itself.
Step 01
Inventory once
Article 30 register with templates, guided validation, gap analysis, and a completeness score. Each processing activity is the same record DSARs cite, DPIAs assess, and vendor rows link back to.
Step 02
Operate against statutory clocks
DSARs through a branded intake with identity verification and Article 12 deadlines tracked automatically. DPIAs with structured sign-off. Breach Register with the Article 33 clock running.
Step 03
Evidence as you go
Every action is timestamped in the append-only audit log against the person who took it. The evidence the regulator asks for assembles itself rather than being reconstructed at audit time.
Step 04
Defend on demand
Export an audit pack for the supervisory authority, internal audit, the board, or a customer security questionnaire. The same source data — different cut.
Article 30 register at the centre
One record everything else references.
Processing activities with lawful basis under Article 6 and (where Article 9 applies) the special-category condition, retention rule, processor links, and transfer mechanisms. Completeness score surfaces gaps. PDF and Excel export when the regulator asks.
- Activity templates: employee, customer, payments, recruitment, marketing
- Lawful basis and Article 9 conditions on every activity
- Completeness score and gap analysis
- PDF and Excel export

Privacy request manager
Intake, identity, deadlines, delivery — in one workspace.
Branded public intake with identity verification. Article 12 deadlines tracked automatically. Task assignment across the response team. Manual redaction on every plan; AI-assisted on Solo DPO and DPO Team. Time-limited delivery links.
- Branded intake and identity verification
- Article 12 deadline tracking and Art. 12(3) extensions
- Manual + AI-assisted redaction
- Time-limited disclosure links

Compliance Hub: DPIAs, LIAs, Breach Register, Third-Party Register
Modules that talk to each other.
DPIA screening and sign-off under Article 35. Legitimate Interest Assessments tied to processing activities. Breach Register with the Article 33 timeline. Third-Party Register for processors and transfer mechanisms. One append-only audit log across the lot.
- DPIA risk register and sign-off workflow
- LIAs tied to processing activities
- Breach Register with the Art. 33 clock
- Third-Party Register for processors and transfers

See it end to end
A short walk-through of the workspace.
Redaction, privacy requests, and the audit log — in about three minutes.
What DPOs ask us first
Three questions we hear in every first call.
“Do I have to rip out my current tools?”
No. Ghost is where the privacy programme lives. HRIS, support, CRM, legal repositories stay where they are. Ghost links to them rather than replacing them.
“Is this just an Article 30 register with extra steps?”
The inventory sits at the centre, but DSARs, DPIAs, LIAs, breach, and vendor management all reference the same activities. That's the point — one source of truth for the programme.
“We have a consultancy already.”
Ghost makes their job easier. Invite the consultancy in as members. They review against the audit trail rather than reconstructing it.
Pricing
Plans for solo DPOs, fractional DPOs, and full teams.
Start free. Upgrade when the programme outgrows a one-person operation.
Free
Try the inventory and a single request before you commit.
- 1 active case
- Manual redaction (PDF, up to 5 pages/file)
- 10 redactions per month
- 1 Article 30 register entry
Solo DPO
For the DPO running the privacy programme themselves.
- Unlimited cases and redactions
- AI-assisted PII detection
- Full Compliance Hub (DPIAs, LIAs, breach, third-party)
- €39/mo billed annually (save 20%)
DPO Team
For privacy, legal, security, and ops sharing the work.
- Up to 10 seats (€10/extra seat)
- Role-based access (Admin, Operator, Read-only)
- Outbound webhooks for SIEM / chat / ITSM
- External counsel / consultancy can be invited
- €119/mo billed annually
Compare every feature on the full pricing page.
What good looks like for an Article 30 register
How to structure activities, what counts as a complete entry, and where most registers fall short — written for DPOs maintaining them in production.
The programme is yours. The plumbing is Ghost's.
Stand up a defensible operating surface in a weekend. 30-day free trial — no credit card, EU-hosted.
The regulatory landscape DPOs operate in
The DPO role is defined by Articles 37–39 of Regulation (EU) 2016/679 (GDPR). The accountability obligation in Article 5(2) is what makes the rest of the job non-negotiable: the controller must be able to demonstrate compliance, not just achieve it. Ghost is built around the evidence-generation half of that obligation.
For UK organisations, the equivalent regime is the UK GDPR and the Data Protection Act 2018, supervised by the ICO. For EU establishments, the lead supervisory authority varies by country — CNIL in France, the Irish DPC for many large platforms, the BfDI in Germany. Ghost's outputs (the Article 30 register, the DSAR audit log, the DPIA archive) map directly to what every one of these authorities asks for.
Where US privacy regimes apply alongside GDPR — CCPA / CPRA in California and state regimes in Colorado, Virginia, and elsewhere — Ghost's 45-day default for US-style requests sits alongside the one-month GDPR default, configurable per intake form. Ghost does not provide legal advice.