How do you optimise your data protection management with otris privacy?

Data protection software simplifies your company-wide data protection management

Control your data protection management with otris privacy, the software solution for internal and external data protection. The system simplifies the ongoing review of all relevant processing operations and guides the structured implementation of measures. Through process automation, otris privacy increases efficiency in analysis, documentation and communication.

The implementation of and compliance with the EU Data Protection Regulation (GDPR) is an indispensable part of modern corporate governance. However, a high level of data protection can only be achieved if the topic is not perceived as a burden in the company. Processes and workflows must not be disrupted and employees must not be hindered in their actual work.

otris privacy supports internal and external data protection officers in automating and standardising data protection processes. With the software, you optimise data protection-relevant processes such as the review of processing operations/processing contracts, data protection impact assessments, enquiry processing, data protection breach procedures, the organisation of measures, audits and e-learning.

otris privacy

otris privacy

Data protection management for companies, municipalities and external data protection officers. otris privacy – our all-round solution for a professional data protection organisation – simplifies the control, documentation and reporting of your data protection work. If required, we integrate our Information Security Management System (ISMS) into the application.

Our data protection software at a glance

otris privacy has a modular structure. You combine basic elements, such as the directory of processing activities, with extensions. If required, we integrate your company-specific workflows into the application. The goal: a solution that meets your requirements.

otris privacy

Inventory processing activities

You take inventory of the company’s data protection-relevant processing on the central database. Forms and wizards support the recording process and collaboration tools assist in the division of labour. With otris privacy, you can check both your own processing operations and commissioned processing operations for compliance with regulations (including DSGVO Art. 28 and 32).

otris privacy

Audit | Analysis

You compile (reusable) checklists that you assign to individual processing operations (or processing orders). The responsible employee in the specialist department accesses the system to analyse the processing with the help of the checklist. Over 1,000 ready-made questions are available to you when compiling the checklists.

otris privacy

Control | Optimisation

Data protection management evaluates the processing operations analysed by the specialist departments. Markings (traffic light symbols) indicate the processing operations that require improvement. In addition to the evaluation, you can use otris privacy to organise the commissioning and monitoring of the associated optimisation measures.

otris privacy

Monitor risks

With otris privacy, you organise a GDPR-compliant data protection impact assessment (according to GDPR Art. 35) as well as the preceding analysis of whether a DPA is necessary at all. A risk map visualises the status of the risk of the processing activity. You can use cockpits to monitor processing progress, notification deadlines and data protection violations.

otris privacy


otris privacy includes an e-learning platform. You distribute the content you have created to employees in a targeted manner. The system logs the delivery, evaluates the learning success via queries and creates reports on the e-learning measures carried out.

otris privacy


Optional workflows increase the level of automation: the creation and maintenance of the processing directory is simplified by the notification workflow, the data protection breach workflow enables rapid intervention in the event of data protection breaches, and the enquiry workflow sorts and channels data subject enquiries.

Features that distinguish our data protection management software

Client-ready. Flexible scalability.

Whether you are an external data protection officer looking after several clients, the DPO of a small company or managing the data protection of a group as a team – otris privacy adapts to the given structure. The software is multi-client capable and is also suitable for mapping complex group structures.

Role and access concept. External integration.

A differentiated access concept allows you to define roles and rights. Depending on the requirements, you can integrate individual, selected data protection coordinators or the entire staff. Via client or web access to the central system, you promote teamwork and information consolidation. New or changed processing procedures can be reported electronically to the data protection officer. In addition to direct client or web access, the user can also complete the checklists externally: The questions are then exported as HTML questionnaires with encrypted answer transmission.

Scope of functions. Customisable standard software.

You can choose from three software editions to adapt the basic range of functions of the solution to your needs. If required, you can combine the editions with extensions to cover more extensive needs: Do you have a high volume of data subject requests? The “manual” checking and maintenance of your processing directory is too time-consuming? Or would you like to process the notification of internal data protection violations more professionally? With standardised extension solutions, you can expand the system according to your needs. If you have further requirements that are not covered by the standard functional scope, otris consulting will implement an individual solution tailored to your needs.

Systematic user guidance. Everything at a glance.

The data protection software otris privacy takes you step by step to your goal: wizards and context-sensitive action menus guide you through all input processes, drag & drop functions facilitate document assignment. Interactive progress indicators and traffic light symbols for data protection control ensure immediate transparency. Your personal cockpit and the automatic e-mail notifications give you the security of having all tasks and deadlines in view.

Evaluations. Differentiated and meaningful.

All information logged with the otris privacy software can be flexibly evaluated. The report templates not only cover the legal requirements (directory of processing activities, activity reports, overviews of measures, analysis reports), but also allow differentiated evaluations of data protection management (planning of measures, audit log, etc.). PDF, HTML and CSV output formats are available.

On-Premises or cloud. Form of operation selectable.

You are free to choose whether you use the data protection software in the cloud or on-premises. On-premises means that the system is operated on your company’s own IT infrastructure. With the cloud variant, you access the servers of a secure, certified data centre (location: Germany). With both the cloud and on-premises versions, you use a web browser to work with the software.

„In close cooperation with otris, we have simplified the operational work in data protection.“

Jürgen Kempter
Group Data Protection Officer, Hubert Burda Media

In practice: simplifying processes with otris privacy

Simplifying data protection with otris privacy also means automating repetitive processes and avoiding redundancy. We link web forms with downstream document control functions to standard workflows that accelerate and professionalise data protection processes. Three examples from practice:

Create and update a processing directory
The processing directory is a core element in data protection management. In dynamic companies with a large number of processing operations that are newly added or change, creating and maintaining the documentation can become a challenge.

With the notification and update workflow, you simplify both the creation and maintenance of the processing directory: the data protection employee uses the workflow to contact the responsible persons in the specialist departments and request them to notify data protection-relevant processing operations. A web form simplifies the DSGVO-compliant process description. After the process owner has filled out the form, the data protection employee checks the information and assigns the processing to the overall directory at the push of a button.

Manage data subject requests
Companies that are active in the B2C business process personal data of thousands of customers. Accordingly, the number of data subject requests is high. The GDPR stipulates the timeframe in which requests must be processed (for example, information about the data stored about the person and its deletion). Timely processing and DSGVO-compliant documentation become a challenge.

The request workflow is an extension for otris privacy and simplifies the speedy and data protection-compliant processing of requests. Your customers submit requests via a form that you make available on your website. The data is pre-structured in the form. The system can thus automatically document and allocate the enquiries. The data protection staff have an overview of the total number of open enquiries and are warned by the system of upcoming processing deadlines. The clear structuring of the requests and the automated reporting facilitate the company’s ability to provide information.

Processing breach notifications
Data breaches happen in every company: Employees accidentally send emails with personal data to the wrong recipients, lose a USB stick or publish photos without observing data protection standards. Some breaches are relatively unproblematic and can be quickly remedied, while others are serious. It is important that employees have a channel through which breaches can be easily reported internally. Only then is data protection management able to assess and respond quickly.

The data breach workflow in otris privacy simplifies notification and handling. A web form is used to describe the breach according to predefined standards (e.g. data categories, groups of persons, etc.). The system forwards the notification, including a structured description, to the responsible data protection officer. An additional notification e-mail increases security. The assessment and processing of the case takes place in otris privacy. The system automatically documents the processing status and warns if cases are not processed in time. If the assessment shows that the data protection authority must be informed, you can generate a data protection breach notification that complies with the GDPR at the touch of a button.

Your responsibility is growing: stay in control with the otris privacy software

Your aspiration is to have a company-wide data protection management system that is seamless, compliant with the law and free of redundant work. The special software otris privacy helps you to implement data protection standards efficiently.

Simplify responsibility
otris privacy simplifies your data protection responsibilities. By structuring and documenting all data protection-relevant processes on a central platform, you gain a full overview of the status of your data protection organisation: all processing is inventoried in an orderly manner and the evaluation of processes and risks as well as the status of optimisation is clearly documented. Traffic light symbols make the data protection organisation clear and easy to control – even with extensive inventories.

Reduce effort
otris privacy not only helps you to process your tasks correctly, but also to complete them with as little effort as possible. A high efficiency gain is generated by the consistent use of templates: you avoid duplicate work when creating processing and processing checks and use proven documents by linking them. Not only the templates, but also the collaboration functions reduce the workload of your data protection organisation: departments that analyse processing operations, external parties that make enquiries or data protection officers that are involved – the system offers a variety of options for integrating content “from outside” without media discontinuity.

Integrate corporate structures
otris privacy is group-capable. This means that even complex corporate structures can be mapped in the software to organise access rights, role and document distribution. Template and inheritance functions minimise the effort involved in setting up and expanding the structure.

otris privacy – holistic data protection management
Managing your data protection with specialist software pays off: You gain full control over the company-wide data protection process and the certainty of doing justice to your task across the board. By structuring and recycling, you streamline processes and avoid redundant work. Adapted to your company structure, otris privacy is a tool that supports you in all work that is important for your company-wide data protection management.


Reference articles | Technical articles

to the reference report

Data protection as an overall concept


Holistic solution in data protection: control centrally, implement locally ...

to the reference report

Manage external data protection


For the support of data protection clients, ecoprotec uses otris privacy ...

to the reference report

Data protection with security


At Evonik, data protection is a central compliance issue with high priority ...

Universally applicable: external data protection with otris privacy

For years, otris privacy has been a popular tool for external data protection officers. On the one hand, external DPOs use the software to map and apply their consulting expertise with a professional system. On the other hand, the flexible price model, the scalability and the possibility to sublet the software are convincing.

In order to set up data protection organisations for their clients, external data protection officers often use MS Office tools. Checklists in Excel or processing directories in Word are the result. With otris privacy, you professionalise your work: by transferring your expertise from Office documents to otris privacy, you create a standard data protection organisation that you can reuse and adapt for each new mandate you accept. The central database simplifies cooperation with the client and demonstrates your professionalism. The data protection organisation you create for your clients in otris privacy can be rented out to the respective client as SaaS (Software-as-a-Service).

As an external data protection officer, you also benefit from the easy scalability of the software: if you gain new clients, you can easily order additional client licences. With each additional client licence, you map the entire data protection organisation of a new client. If your client base shrinks, you can easily cancel the licences you no longer need by sending an e-mail notification.

The otris privacy rental price model for operation in the legally secure private cloud (location: Germany or Switzerland) is geared to the needs of external DPOs: Especially with a large number of clients, the costs per client licence are very low in relation to the costs for the software edition licence. In dialogue with our consultants, you can find out details about our pricing model for external data protection consultants. We look forward to your enquiry!

Online demo | Register now for free!

reCAPTCHA is required.

otris software AG will use all information provided here solely in accordance with the Privacy policy.

Your contact

Sebastian Gockel
+49 231 95806950

otris privacy