Trace® app FAQs


Do you have a question about using the Trace® platform or your account? Let us help you, find common answers to Frequently Asked Questions (FAQs) about the Trace® application.

How do I start using Trace®?

Once you have created your account, you can set up your Trace® account and profile. Your user and company profile are found under ‘Account’ from the main navigation; here you can set up your details, check your account settings, manage billing and personalise your account with your profile or company logo.

Once your account is all set up, you can start your compliance journey by building your data map from your dashboard, adding data categories to build a picture of personal data processing in your organisation. We have an easy to follow video guide to show you around the platform, available to watch in app, anytime.

How do I save information and my data mapping work in Trace®?

With Trace® you don’t have to worry about saving your work, it’s designed to be bite-sized so you can stop, start and resume your compliance work at any time - all of your work is auto-saved on our secure platform. This means you can come back to questions when you have more information, or have consulted with colleagues for example. At Trace® we know that data governance can be a team effort so we have made the platform flexible and designed for collaboration.

How many data categories should I add?

Trace® data modelling is easy, guided and flexible - you can add data categories at your own pace to reflect changes in your organisation. Every business is different though - some process many categories of data, and others might just have a few (for example customers, employees, prospects) - with Trace® it doesn’t have to be one size fits all compliance so each company will have their own ‘right’ number of categories.

We would encourage you, however, to work with your colleagues to capture all of the processing in your organisation and then keep Trace® up to date with any changes. By keeping Trace® accurate, you will ensure your personal data inventory is evergreen and you know what personal data is in your care, and how protected it is from one secure platform which you can access anytime, from anywhere.

How do I fix gaps in my data map?

Trace® helps you see where you have gaps in compliance or Data Protection; for example, if you don’t have a legal basis you shouldn't be processing that data in the first place, or if you use a third party data processor to handle personal data under your control, you need a Data Processing Agreement (DPA).

Through assess view you can see where you have GDPR compliance gaps (e.g. data is not being processed in a country deemed ‘adequate’ by the EU) and take action in your business (e.g. review DPA with your processor and ask them to ensure your data is stored in a country where you have assurance there is sufficient Data Protection). Compliance is an ongoing process, and Trace® helps you embed Privacy by Design in your business and spot and tackle risks and gaps as they emerge.

What types of business can use Trace®?

It doesn’t matter what industry or sector you’re in, if you process personal data (so that’s most organisations!) you need to comply with the relevant Data Protection regulations and be a good custodians. Trace® can be used by many different types of business who want to make compliance as streamlined and easy as possible and demonstrate trust.

The GDPR is extra-territorial: use Trace® if you are in Europe and need to comply or if your organisation sells goods or services to European citizens. Trace® is designed for small or global organisations who want to practice and demonstrate compliance and data protection to build trust.

What browsers does Trace® work on?

We support the current version of each of these browsers:

  • Chrome (Windows and Mac)

  • Firefox (Windows and Mac)

  • Edge / Internet Explorer (Windows)

  • Safari (Mac)

If you encounter a problem, please drop us an email.

how do trace® keep compliance and data secure?

Your personal and business data are safe with us. Trace® has been created by Data Protection experts and our approach is always Privacy and Security by Design. When it comes to your payment data, all credit card transactions are processed using bank-level, PCI-compliant SSL encryption. We use carefully vetted partners like Stripe and Microsoft Azure who use best in class security systems. The content of your account and data map is entirely private unless you choose to share it via the export feature. For more on data security, see our Privacy Promise.

What is adequacy why does It matter?

Under the GDPR, transfers outside of the European Economic Area (EEA) to “adequate” countries are permitted and legal. Trace’s world data sovereignty map regularly tracks global Data Protection regulation, which helps you keep updated on factors such as adequacy to help you keep your data safe and legal. 

How do I know if I am transferring data?

You might be transferring data international jurisdictions without realising the potential risk; for example, if you have a third party cloud service which host personal data (where you are the controller) cloud systems which have data centres in a different country from where your company is based.

This is where Trace’s data residency visualiser can help you see where data is being processed, and what that means to your compliance.

What if my data categories are in non adequate locations (on my Trace® global map)?

When it comes to ‘non adequate’ locations, international data transfers may only take place where organisations (e.g. your third parties) have taken appropriate safeguards to protect personal data, such as Binding Corporate Rules (BCRs) or Standard Contractual Clauses

So if your data categories are showing as being ‘resident’ in a non adequate location on the Trace® map (according to your inputs and answers when modelling your data with Trace®), you need to take action to ensure there are other safeguards in place, take expert advice or reconsider the location’s suitability as it impacts your risk, legal and GDPR compliance position.