Control your data protection management with otris privacy, the software solution for internal and external data protection. The system simplifies the ongoing review of all relevant processing operations and guides the structured implementation of measures. Through process automation, otris privacy increases efficiency in analysis, documentation and communication.
The implementation of and compliance with the EU Data Protection Regulation (GDPR) is an indispensable part of modern corporate governance. However, a high level of data protection can only be achieved if the topic is not perceived as a burden in the company. Processes and workflows must not be disrupted and employees must not be hindered in their actual work.
otris privacy supports internal and external data protection officers in automating and standardising data protection processes. With the software, you optimise data protection-relevant processes such as the review of processing operations/processing contracts, data protection impact assessments, enquiry processing, data protection breach procedures, the organisation of measures, audits and e-learning.
Data protection management for companies, municipalities and external data protection officers. otris privacy – our all-round solution for a professional data protection organisation – simplifies the control, documentation and reporting of your data protection work. If required, we integrate our Information Security Management System (ISMS) into the application.
otris privacy has a modular structure. You combine basic elements, such as the directory of processing activities, with extensions. If required, we integrate your company-specific workflows into the application. The goal: a solution that meets your requirements.
Inventory processing activities
You take inventory of the company’s data protection-relevant processing on the central database. Forms and wizards support the recording process and collaboration tools assist in the division of labour. With otris privacy, you can check both your own processing operations and commissioned processing operations for compliance with regulations (including DSGVO Art. 28 and 32).
Audit | Analysis
You compile (reusable) checklists that you assign to individual processing operations (or processing orders). The responsible employee in the specialist department accesses the system to analyse the processing with the help of the checklist. Over 1,000 ready-made questions are available to you when compiling the checklists.
Control | Optimisation
Data protection management evaluates the processing operations analysed by the specialist departments. Markings (traffic light symbols) indicate the processing operations that require improvement. In addition to the evaluation, you can use otris privacy to organise the commissioning and monitoring of the associated optimisation measures.
With otris privacy, you organise a GDPR-compliant data protection impact assessment (according to GDPR Art. 35) as well as the preceding analysis of whether a DPA is necessary at all. A risk map visualises the status of the risk of the processing activity. You can use cockpits to monitor processing progress, notification deadlines and data protection violations.
otris privacy includes an e-learning platform. You distribute the content you have created to employees in a targeted manner. The system logs the delivery, evaluates the learning success via queries and creates reports on the e-learning measures carried out.
Optional workflows increase the level of automation: the creation and maintenance of the processing directory is simplified by the notification workflow, the data protection breach workflow enables rapid intervention in the event of data protection breaches, and the enquiry workflow sorts and channels enquiries of all kinds.
Whether you are an external data protection officer looking after several clients, the DPO of a small company or managing the data protection of a group as a team – otris privacy adapts to the given structure. The software is multi-client capable and is also suitable for mapping complex group structures.
A differentiated access concept allows you to define roles and rights. Depending on the requirements, you can integrate individual, selected data protection coordinators or the entire staff. Via client or web access to the central system, you promote teamwork and information consolidation. New or changed processing procedures can be reported electronically to the data protection officer. In addition to direct client or web access, the user can also complete the checklists externally: The questions are then exported as HTML questionnaires with encrypted answer transmission.
You can choose from three software editions to adapt the basic range of functions of the solution to your needs. If required, you can combine the editions with extensions to cover more extensive needs: Do you have a high volume of data subject requests? The “manual” checking and maintenance of your processing directory is too time-consuming? Or would you like to process the notification of internal data protection violations more professionally? With standardised extension solutions, you can expand the system according to your needs. If you have further requirements that are not covered by the standard functional scope, otris consulting will implement an individual solution tailored to your needs.
The data protection software otris privacy takes you step by step to your goal: wizards and context-sensitive action menus guide you through all input processes, drag & drop functions facilitate document assignment. Interactive progress indicators and traffic light symbols for data protection control ensure immediate transparency. Your personal cockpit and the automatic e-mail notifications give you the security of having all tasks and deadlines in view.
All information logged with the otris privacy software can be flexibly evaluated. The report templates not only cover the legal requirements (directory of processing activities, activity reports, overviews of measures, analysis reports), but also allow differentiated evaluations of data protection management (planning of measures, audit log, etc.). PDF, HTML and CSV output formats are available.
You are free to choose whether you use the data protection software in the cloud or on-premises. On-premises means that the system is operated on your company’s own IT infrastructure. With the cloud variant, you access the servers of a secure, certified data centre (location: Germany). With both the cloud and on-premises versions, you use a web browser to work with the software.
Simplifying data protection with otris privacy also means automating repetitive processes and avoiding redundancy. We link web forms with downstream document control functions to standard workflows that accelerate and professionalise data protection processes. Three examples from practice:
Create and update a processing directory
The processing directory is a core element in data protection management. In dynamic companies with a large number of processing operations that are newly added or change, creating and maintaining the documentation can become a challenge.
With the notification and update workflow, you simplify both the creation and maintenance of the processing directory: the data protection employee uses the workflow to contact the responsible persons in the specialist departments and request them to notify data protection-relevant processing operations. A web form simplifies the DSGVO-compliant process description. After the process owner has filled out the form, the data protection employee checks the information and assigns the processing to the overall directory at the push of a button.
Manage data protection requests
Companies operating in the B2C business process personal data of thousands of customers. Accordingly, the number of data subject requests is high. The GDPR stipulates the timeframe in which requests must be processed (for example, information about the data stored about the person and its deletion). Timely processing and DSGVO-compliant documentation become a challenge. There are also more and more data protection requests in B2B business. The focus here is often on topics such as the contractual agreements for commissioned processing or organisational topics that directly affect the data protection management of individual sub-areas of an organisational structure.
The request workflow is an extension for otris privacy and simplifies the speedy and data protection-compliant processing of all types of requests. Your customers, employees or other stakeholders submit requests via a form that you make available on your website. The form pre-structures the data.
The system can thus automatically document and allocate the enquiries. The data protection staff have an overview of the total number of open enquiries and are warned by the system of upcoming processing deadlines. The clear structuring of the requests and the automated reporting facilitate the company’s ability to provide information.
Processing breach notifications
Data breaches happen in every company: Employees accidentally send emails with personal data to the wrong recipients, lose a USB stick or publish photos without observing data protection standards. Some breaches are relatively unproblematic and can be quickly remedied, while others are serious. It is important that employees have a channel through which breaches can be easily reported internally. Only then is data protection management able to assess and respond quickly.
The data breach workflow in otris privacy simplifies notification and handling. A web form is used to describe the breach according to predefined standards (e.g. data categories, groups of persons, etc.). The system forwards the notification, including a structured description, to the responsible data protection officer. An additional notification e-mail increases security. The assessment and processing of the case takes place in otris privacy. The system automatically documents the processing status and warns if cases are not processed in time. If the assessment shows that the data protection authority must be informed, you can generate a data protection breach notification that complies with the GDPR at the touch of a button.
Reference articles | Technical articles
Your responsibility is growing: stay in control with the otris privacy software
Your aspiration is to have a company-wide data protection management system that is seamless, compliant with the law and free of redundant work. The special software otris privacy helps you to implement data protection standards efficiently.
otris privacy simplifies your data protection responsibilities. By structuring and documenting all data protection-relevant processes on a central platform, you gain a full overview of the status of your data protection organisation: all processing is inventoried in an orderly manner and the evaluation of processes and risks as well as the status of optimisation is clearly documented. Traffic light symbols make the data protection organisation clear and easy to control – even with extensive inventories.
otris privacy not only helps you to process your tasks correctly, but also to complete them with as little effort as possible. A high efficiency gain is generated by the consistent use of templates: you avoid duplicate work when creating processing and processing checks and use proven documents by linking them. Not only the templates, but also the collaboration functions reduce the workload of your data protection organisation: departments that analyse processing operations, external parties that make enquiries or data protection officers that are involved – the system offers a variety of options for integrating content “from outside” without media discontinuity.
Integrate corporate structures
otris privacy is group-capable. This means that even complex corporate structures can be mapped in the software to organise access rights, role and document distribution. Template and inheritance functions minimise the effort involved in setting up and expanding the structure.
otris privacy – holistic data protection management
Managing your data protection with specialist software pays off: You gain full control over the company-wide data protection process and the certainty of doing justice to your task across the board. By structuring and recycling, you streamline processes and avoid redundant work. Adapted to your company structure, otris privacy is a tool that supports you in all work that is important for your company-wide data protection management.
In order to provide you with the solution that optimally fits your company-specific requirements, we offer a choice of three editions as well as functional extensions.
You are looking for a data protection management solution with which you can:
The otris privacy STANDARD edition is a fully comprehensive data protection management software with which you can map your entire data protection organisation in a DSGVO-compliant manner. We offer otris privacy STANDARD exclusively as SaaS (Software-as-a-Service) for rent.
You are looking for a data protection management solution with which you:
The otris privacy ENTERPRISE edition is our data protection management solution for medium-sized businesses and external DPOs. You use the software in your web browser. The system can be run on your company server or in the otris cloud.
You are looking for a data protection management solution with which you:
The otris privacy ENTERPRISE plus edition is the group-capable, bilingual version of our data protection management solution. The system can be operated on your company server or in the otris cloud.
With technical extensions you can adapt otris privacy to your requirements in addition to selecting an edition. The extensions can be combined with the ENTERPRISE and ENTERPRISE plus editions.
The extension NOTIFICATION/UPDATE WORKFLOW makes it possible to integrate existing processes for the notification of processing activities according to Article 30 EU-DSGVO directly into otris privacy. Via a web form, processing activities are reported to otris privacy, where they can be post-processed, approved or rejected. In contrast to the use of otris privacy itself, no special knowledge in the area of data protection is necessary for the use of the notification form. The data controller sees an overview of all the procedures he or she has submitted. If a new procedure is added or a procedure has been changed, the controller opens the overview to document the change. The system notifies the DPO of any changes or additions. The extension NOTIFICATION/UPDATE WORKFLOW includes the standard procedure notification web form as well as the installation and set-up of the extension. Individual adaptations of the workflow can be realised as part of a service.
The extension REQUEST WORKFLOW enables internal requests (e.g. employee) and external requests (e.g. customer) to be automatically recorded in otris privacy and the processing procedure to be documented. Requests can be reported to otris privacy by e-mail or by web form including attachments.
With the DATA PROTECTION VIOLATION extension, you implement a process for reporting internal company data protection violations. You provide your employees with an easy-to-understand dialogue with which they can describe and report data protection breaches: Via a web form, the employee specifies the chronology, the categories of data and groups of persons affected, as well as measures already taken. No special knowledge in the area of data protection is necessary to fill out the form. The completed form is sent to the – predefined – responsible office in the company (e.g. internal or external data protection officer). After a new breach notification is received, the system also sends a notification e-mail (recipient can be freely defined during configuration). A report on the process is attached to the e-mail.
The LDAP interface LOGIN-SYNC enables authentication of otris privacy users against your Active Directory. For users, this offers the advantage that they can use the same login data for an otris privacy login that they use to log in to the Windows system. Users that you remove from the Active Directory (e.g. an employee leaves the company) no longer have access to otris privacy immediately after removal.