Iconfirm - operational privacy

Embed into operations to ensure efficient and effective privacy

Independent collaboration hub for practical privacy


When real privacy matters

Iconfirm is a secure platform for the processing of personal data. As a specialist, Iconfirm follow the development of privacy regulations and their interpretations closely and the concern about details and nuances is also reflected in the technology. Nevertheless, solutions must be practical in order to have an effect.

The features offered ensures privacy with a high degree of precision and quality. Together, they can provide a unique overview and control - both within your own organization and across the value chain.

Get a free demonstration

Our technology, your security


The regulations require organisations to document what personal data they process, as well as why and how the processing takes place. The Iconfirm solution helps to structure and document this in a logical and dynamic way.


Transparency is a key principle in the regulations with clear disclosure requirements. The organisations that offer people clear and specific information and are able to manage their rights, builds trust.


Most processes contain personal data, information that either directly or indirectly can be linked to a person. These processes are at the core of an organisations cash flow and, thus, value. Hence, privacy is essential for sustainable business models and building and maintaining trust of your customers and users.

GDPR states that an organisation must be able to demonstrate compliance. More and more investors are using ESG ('Environmental, Social and Governance') criteria in their assessment of investment opportunities.

Iconfirm makes it easier to demonstrate this compliance, to individuals, customers, auditors and authorities.


Save time - Ensure quality - Build trust

Ad-hoc reporting increases the risk of errors and often results in poor precision. At the same time, it is inefficient and creates duplication of work. Reuse of data directly from the source ensures quality and integrity.

Privacy tachograph

Resolving tasks where the knowledge sits


GDPR require high standards and comprehensive documentation. At the same time, it is very difficult to know what processing is actually taking place in different parts of the organisation. Iconfirm facilitates that the preparation and maintenance of the documentation takes place by those who has the knowledge.

Daily operations

Integrating Iconfirm into the operations makes it easier to log continuous compliance. For example, obtaining consents, fullfilment of the data subjects' rights such as transparency, erasure and rectification. Iconfirm also makes it easier to process requests for access or data portability. For those that need additional security, we can help store and protect data and manage flows.

Collaboration in practice

An operational line organisation knows best how they actually use a system; for what purpose and on what basis. The systems provider knows best the information about security of processing, sub processors etc. The Iconfirm vendor management solution allows those who knows best the opportunity to maintain the relevant data. All information is available in a structured form so that it is easy to create consistent documentation such as records of processing activities and data processing agreements that meet the needs of both the data controller and the data processor.

Another example is in the event of a data breach where effective collaboration is important. The data processor shall report to the data controllers, who in turn must consider the need to to notify the authorities and affected data subjects. Here it is important to have good and uniform communication and cooperation on necessary measures to close the breach and mitigate the effects.

Another example may be the notification obligation regarding rectification, erasure or restriction of processing where the data controller shall notify all recipients to whom data has been disclosed.


Data Controller

When those with operational responsibility can document their activities in a decentralised way, it creates better engagement and precision without losing the central overview.

The software provides the data controller with a suite of services that are continuously developed to meet the requirements of the regulations with a high degree of precision. This reduces the risk of non-compliance and breaches of privacy.

Data processor

Iconfirm has a special subscription for data processors that meets a number of the requirements imposed on the data processor. E.g. maintaining details about the processing done on behalf of specific controllers enable the processor to appropriately obtain consent for the change of sub-processors or provide timely reporting of audit documentation in an efficient way.

The Data processor will also have access to all functionality needed to manage the requirements where they have controller responsibilities.

iconfirm mobile concent customer

Data subjects

Iconfirm has developed its own Privacy Portal where individuals can manage their consents, rights and privacy dialogue with the Data Controller. At the same time, it ensures an easy way for the Data Controller to manage the processes and document all activities. This builds trust and confidence in the relationship.


Better quality and precision reduce risk of privacy breach.
  • Consistent documentation and enhanced integrity
  • Dynamic link between processes, systems and categories of data subjects gives good overview
  • Templates and examples for easier onboarding
Efficient internal and external collaboration gives less administrative burden.
  • Structured, continuously updated and readily available information
  • Easier and uniform follow-up across the value chain
  • Communication, tasks and notifications
  • Incidents and breach reporting
  • Subject rights request resolution
  • Audit eports and security documentation
Easy to integrate for dataintegrity and process automation.
  • Time stamps and logs to document continuous compliance
Enhanced and holistic control makes it easier to document compliance towards data authorities, auditors and other stakeholders.
  • Internal and external reporting

Software as a Service


Iconfirm is designed for the secure processing of patient data with privacy by design and default principles deeply embedded into the software's code and logic. The secure platform was caved out from the Nordic region's leading collaboration platform within private health, which is currently used by the largest banks and insurance companies, as well as over 1,300 hospitals and clinics.

The solution is robust and scalable and has been in continuous operation since May 25, 2017.


The Iconfirm solution is currently supporting the following languages:

  • English
  • Norwegian
  • Swedish
  • Danish
Iconfirm Architecture 1

Internationally recognised innovative solution


PwC Germany Legaltech scale programme

(1 of 8 selected ager screening 750 startups across Europe)

pwc alumni skjold til Iconfirm

Use examples

Records of processing activities

Records of processing activities

Detailed records on the basis of information from process overview and systems register.

  • Ensure consistent information
    • Between controller and processor 
    • Data Processing Agreements and the Records of processing activities
  • Delegated maintenance to line organisation for efficiency and quality.
  • Excel report

Systems-/recipient management

Structured and detailed information on systems, processors and third party recipients.

  • Documentation
    • Specifications of nature of processing and categories of data
    • Technology, security of processing, subprocessors.
    • Links, attachments and audit instructions
    • Contact details to key personnel
  • Contains all needed information to complete data processing agreements
  • Quality assurance prior to new technology is implemented into organisation.
Can also be used for data management and notifications
  • Role based access
  • APIs for integrity in data processing
Systems and recipients


Verified consents

  • Data subject authentication
  • Good solution for the handling of parental/legal guardians confirmations

Central register

  • Central register for efficient consent management, overview and control
  • Complete overview of all consents with search function and filtering
  • Always updated and complete
  • Detailed logs and full versioning


  • Limit processing until valid consent can be documented
  • Synchronise across multiple applications

Data subject rights

Structured process for efficient workflow and swift response

  • Secure communication and sharing of information
  • Notifications and detailed logs
  • Efficient collaboration with third parties
  • Flexible scope
  • Quality assure progress and follow-up
  • Opportunity for automation

Data processing agreements

Autocomplete Data Processing agreements on the basis of information in the systems register.

  • Standard template ancored in European Data Protection Board by the Danish data Authorities.
  • Consistent information
    • Between data processor and controller
    • Data processing agreeement and records of processing activities
  • Ensure effective fulfillment of the agreement - over time
    • Change of subprocessors
    • Security documentation and audit reports
  • Overview and control of all data processing agreements

Document center

Ensure efficient access to all relevant documents

  • Policies and Instructions
  • Specific privacy notices per category of data subjects
  • Specific and granular consents
  • Confidensiality agreements
  • Power of attorneys and confirmations
  • Links to other systems and documentation (Risk assessments and DPIAs)

Special functionality

  • Easy online publication (passive)
  • Active notification via SMS/email (logged)
  • Integrate in data flow / customer journey
  • Full versioning


Utilizing the platform infrastructure and reuse of structured information already collected facilitates:

  • Easy to report, swift response
  • Own organisation as well as data processors
  • Quick overview over consequences
  • For larger incidents, there is an opporunity to make updates and versioning as the case progresses
  • Action oriented
  • Audit log
  • Reporting/Notifications (under development)
    • Response team
    • Authorities
    • The affected

Risk assessments and mitigating actions

Many businesses have good tools and procedures for risk assessments. Very often these are oriented around the business' risk. In privacy, it is the risks for the Data Subject that are important. Using a common solution for risk assessments, the two may easily be confused.

Iconfirm has made it easy to make risk assessments and implement risk-reducing measures linked directly to systems or processes.

  • Gives good opportunity to assess information security risk on systems while considering the risks of breaches of privacy principles and subject rights in processes.
  • Easier to focus on the data subject's risk.
  • Connection to the incident module
  • Mitigating actions with deadlines and follow-up. Also possible to set recurring measures with notification.
  • Support for templates. Resource bank on risks and effective measures under development.

Integration and automation

Ensure effiency through integrations with key work applications, allowing personnel to work in a familiar environements

  • Automate documentation processes in the background

The solution is well prepared for integration into excisting work flows and procedures 

  • Adapters and APIs for automation across multiple applications
  • Data exchange and file share integrity
  • API keys for easy and secure authentication


Ensure privacy without disruption to daily operations.


A secure platform originally designed to process patient data.



Transparency and efficient response are key to build trust and confidence.


Automated logging of activities and task resolution.

Advanced data management

Data management

Personal identifiers

Use ICONFIRM to segregate and distribute personal identifiers

  • Pseudonymisation and split processing.
  • Privacy by design and default
  • Great flexibility where each client can define which personal identifiers are processed for which categories of data subjects, purposes and in which underlying systems. 

Secure storage

  • The solution is designed for secure handling of patient data.
  • Every client has own encryption key. Key vault encrypted as well.
  • Out of the box solution for privacy by design and default.

Read more about our Schrems II solution

Christian Butenschøn

Do you want to know more about our solution for practical privacy?

Contact me today for a demo