For data protection owners
Check your data protection policies against UK GDPR.
Regis maps your privacy notices, processing records, and security documentation against UK GDPR requirements: lawful basis, security of processing, and ICO registration and DPO obligations. Each gap arrives as a cited draft finding for your DPO to review.
Policies written once, obligations that move
Privacy notices and processing records age quickly as suppliers, transfers, and products change. The gap between the documented position and the real one grows quietly.
Security wording that would not satisfy the ICO
Many policies assert appropriate technical and organisational measures without naming them. A reviewable position needs specifics: controls, owners, and review cadence.
DPO time spent compiling, not judging
Assembling evidence for an internal review or a supplier questionnaire consumes the hours that should go into judgement calls and remediation.
Every requirement this analysis checks.
The 3 requirements below are the exact analyser scope for this page’s frameworks, each with its rule citation. Nothing outside this list is claimed. See the full coverage matrix for every framework.
| Requirement | Rule source |
|---|---|
| Data Processing Principles and Lawful Basis | UK GDPR Article 5 / DPA 2018 |
| Security of Processing | UK GDPR Article 32 / DPA 2018 s66 |
| ICO Registration and Data Protection Officer | DPA 2018 s137 / UK GDPR Art 37 |
How it works.
Upload your data protection evidence
Privacy notices, records of processing, security policies, and supplier data-processing agreements.
Map against UK GDPR requirements
Regis checks the evidence against each in-scope UK GDPR requirement and drafts a cited finding where documentation is missing or weak.
Review and sign off
Your DPO or privacy lead validates findings, adapts the draft remediation language, and records the decision with a note in the audit trail.
Human sign-off required
Every output stays draft until a qualified professional reviews and signs it off. Regis supports judgement with structured, cited risk information; it never states that an activity is compliant, approved, safe, or legal. Read how findings are made and cited.
Common questions.
Where is my data stored?
Documents are stored in the EU (AWS Ireland) with per-tenant isolation and encryption in transit and at rest. AI analysis is processed by Anthropic as a sub-processor. Customer documents are never used to train AI models.
Is this legal advice?
No. Regis provides structured risk information for review by qualified professionals. It does not provide legal opinions and never declares an activity compliant.
Does it cover EU GDPR too?
Yes, separately: the EU workspace (currently in beta) includes a 16-article GDPR library alongside MiFID II, AMLD, DORA, SFDR, and MAR. Premium unlocks the UK, EU, and US workspaces together.