How it works.
From connecting to your first database, to a full audit trail of every governance decision. Here's the Co.Marc workflow — and what your team experiences at each stage.
Connect your databases.
You register your databases in the Co.Marc portal. The on-premises Marc component connects to them on your own network — no data leaves your environment. From that point on, Marc knows where to look.
| Field | Identified as | Confidence | Status |
|---|---|---|---|
| Customer ID | — | — | R1 |
| Customer name | Full name | 98% | Pending |
| Email address | Email address | 99% | Pending |
| Country | — | — | R1 |
| National ID No. | Government ID | 97% | Pending |
| Account closed date | Deletion trigger | 91% | Pending |
Find every piece of personal data.
Marc analyses your database structure, looking at column names, data types, and statistical patterns in sample data. It identifies which columns are likely to hold personal data and assigns a category and confidence score to each finding.
Every table in every connected database is assessed — including legacy systems, archived data, and development environments. Nothing is skipped. Nothing is assumed clean.
Your team makes every decision.
Marc presents findings through a clear governance workflow. Your DPO, compliance lead, or data steward reviews each finding and assigns one of the 3Rs — Retain, Manage, or Delete. Every decision is attributed to the individual who made it and timestamped.
Marc guides you through the decision — but the human is always in charge. No enforcement action is taken until your team has reviewed and approved the treatment for each finding.
Classification: PersonName · Confidence 98%
No action required
Apply access protection
Schedule for deletion
Protections applied automatically.
Once your team approves a treatment, Marc applies it. R2 protections — access controls, masking, and restricted views — are configured at the database level. There's no development work required, and no need to modify applications.
R3 deletion rules are scheduled and run continuously. When records become due, they are surfaced for final approval. Approved batches are deleted, with a permanent record of every deletion retained in the audit log.
Subject Access Requests answered in minutes.
When a data subject asks what personal data you hold about them, you have one month to respond. With Co.Marc, that response starts with a single search — across all your connected databases simultaneously.
Marc finds every record linked to the data subject, presents a structured summary, and generates a signed Subject Access Certificate as your evidence. What used to take days of manual searching is completed in minutes.
Your evidence, built as you work.
Every action in Co.Marc is logged — classifications, decisions, enforcements, deletions, access requests, and schedule checks. The audit trail is built automatically as your team works, not assembled under pressure before a review.
If a regulator, auditor, or senior stakeholder asks to see how you manage personal data, your evidence is already there — comprehensive, timestamped, and attributed to named individuals.
The 3Rs Framework
Understand the Retain, Manage, Delete framework that underpins every governance decision in Co.Marc.
NextCompliance Coverage
See which GDPR and DPA 2018 articles Co.Marc addresses, and the evidence it produces for each obligation.
Get startedRequest a Demo
See the full workflow in a guided walkthrough with your own database environment.