DPAkit — AVG/GDPR vendor compliance, without the spreadsheet graveyard

Dutch and Belgian SMEs accumulate twenty data-processing agreements and then lose track of which ones are current — DPAkit turns that scattered paperwork into one audit-ready register. Vendors, subprocessors, renewals, certificates and security evidence live in one place, versioned and immutable. The core loop is deliberately small: a vendor register with risk scoring, DPA templates with contract versioning, renewal alerts across contracts and certificates, a magic-link vendor portal for security questionnaires (no account needed), and an audit-report generator that turns a trust-pack request into a ten-minute export. GDPR Article 28 requirements are enforced in the data model, not left to the user. Built for operations managers, privacy officers and finance leads who face GDPR audits, vendor due diligence or M&A preparation — and want the evidence to exist before the auditor walks in, not while they are sitting at the table.