The short answer is usually NO. However there are several solutions out there, hence giving a general answer to such question is impossible. Below you can however find some of the points to consider:

First and foremost: GDPR compliance is not only about IT systems and security. This is a part of ensuring that you are compliant, but the main point is that you need to manage the use of the data that you control. For more information about the necessary security safeguards press the button.

Secondly as a data controller you have the responsibility to keep (overlook) the personal data. This means that you need to document your collection and use of the data.

Thirdly When using their software you need to make an data processor contract, ensuring that the data you put into their software isn't used by the software provider, if it is you will need to inform your customers and users that their data is also processed by the software  provider.

There are probably other points to consider as well that we will not look at here, but the overall point that you should take from this, is to keep your eyes open and investigate what you purchase. There are definitely IT systems out there that has implemented functions and safeguards to assist you in your GDPR project, but investigate what, before you purchase. 

Using ComplyTo GDPR you can document your personal data compliance program irrespective of if your IT vendor tells you that their system is compliant. The main point is that you need to ensure that your systems (both offline and online) have the adequate safeguards to make sure that the data managed by you is kept safe.

Did this answer your question?