We (FreelyGive) have been working on a suite of GDPR tools in collaboration with BRAINSUM as a result of our experience working with native Drupal CRM. In this talk I will demonstrate the tools we have built, some of the rationale behind why we built them like that and how to use them.

This includes:

• A dashboard for end users to request "Right to access" and "Right to be forgotten"
• Tools for site builders and data protection offers to see an overview of all Drupal fields and their GDPR settings (Included, Maybe, Not included or anonymise)
• Various different sanitisers for anonymising certain fields
• Tasks for staff to process these requests including any last minute additions
• Ability to create multiple revisionable consent policies which you can then attach to specific forms or entities
• An audit trail of those consent fields every time someone implicitly or explicitly consents to something (and which revision they saw)
• Tools for safely documenting exporting user data through integration with views data export
• A specific take on handling the backup and restore process where some individuals have asked to be forgotten.