MexonInControl for Privacy

MexonInControl for Privacy is an online service (Software-as-a-Service) with which every organization can build the registers required by the GDPR. Registers for processing activities, processors, processing agreements, standards, risks, measures and Data Protection Impact Assessments.

Request more information Datasheet MexonInControl for Privacy


The General Data Protection Regulation (GDPR) has given organizations, that process personal data, a number of new obligations. Many organizations try to get those new aspects, the creation of registers, under control with tools that are available. Microsoft Excel is such a tool that is often within reach. Excel provides a dynamic start, but also has limitations that make many a register falter.

The purpose of the GDPR is to protect privacy. Failure in that domain is not an option. The choice of a simple, insightful, reliable, well-arranged and transparent tool is desirable, if not necessary.

MexonInControl for Privacy is our SaaS solution with which the first steps are taken to comply with the GDPR obligations regarding registers. Create and fill the registers with minimal effort for a solid and quick result.

MexonInControl ensures that the GDPR requirements are complied with in a user-friendly manner. Since ALDI has been using MexonInControl on a daily basis, the demonstrability of the design, existence and operation of all processes surrounding GDPR is guaranteed. The most important aspect is that it is now possible to establish correlations between processing, agreements and systems with the corresponding stakeholders from various angles.

Philippe den Arend - Information Security Manager - ALDI Netherlands

What is GDPR compliance?

The GDPR imposes more responsibility on organizations. Openness, transparency and accountability are important issues concerning privacy protection.

Each organization has to assess and document how much they are affected by this regulation (in other words is personal data being processed). The conclusion of this research must be documented, even if there is no processing of personal data!

For this research (via assessments) it is important to have insight in the processing activities. Setting up and correctly filling the register of processing activities is an initial activity that directly meets an important requirement in GDPR.

By executing a Data Protection Impact Assessment (DPIA), independent of the form (small or –very- extensive), the current status will be clearer, including which areas need attention.

By filling a register of processors and processing agreements these aspects will be more under control. These components form a solid basis for meeting the requirements of the GDPR, particularly because their mutual interdependence can be documented.

Setup for your organization

Every organization has its characteristics. MexonInControl for Privacy is characterized by a high degree of flexibility with regard to the setup. A register can be configured for any organization, with the concepts that are customary in your occupation. This applies to the labeling of fields and columns and also to the values that can or may be entered therein. You can also decide yourself which data is visible, hidden or mandatory.

Assessments (questionaires)

MexonInControl for Privacy offers a number of basic assessments for a smooth start:
  • DPIA Check: is a DPIA necessary
  • DPIA Checklist new processing activity
  • DPIA Checklist existing processing activity
  • (Suspicion of a) databreach
  • (Suspicion of a) security incident
  • Verification of measures taken at a supplier
  • Exercise of data subjects' (access) rights
The entire lifecycle of an assessment is supported: from linking to a specific scope, assigning to people, following the status, reviewing the result, assigning a follow-up assessment, saving and printing.

You can create your own organization specific assessments which can be integrated in your website(s). These build-your-own assessments can also be sent via e-mail to suppliers, external users and other parties who are involved in your processes. You can start from scratch making these assessments or start with an existing template.

English Databreach assessment


  • Export registers
  • Import register of dataprocessing activities
  • Powerful access control
  • Attach documents by linking to CMS
  • Relations between registers

User types

  • Basic: respond to assigned assessments
  • Light: manage registers and assign assessments
  • Administrator: configure and manage MexonInControl, including assessments (and templates)

Do you want to know what the MexonInControl for Privacy can mean for your organisation?
Please contact us via email or call us at +31 33 432 17 00.