otris software for Data protection service provider
27. April 2021

External data protection officers: professionalisation with otris privacy

External data protection officers (DPOs) have a lot on their plate at the moment: More and more companies are handing over their data protection tasks to external experts. On the one hand, the data protection software otris privacy supports the establishment and maintenance of a data protection organisation at the client. On the other hand, the system simplifies organisational tasks, the cooperation with the client as well as a recycling of existing processes and contents for newly accepted mandates.

Organisation and administration

The more tasks that can be handled under the “roof” of a system, the better the overview and the linking possibilities. otris privacy not only maps data protection processes, but also organisational processes. This is particularly interesting for external DPOs, as they can link client appointments with elements from the data protection organisation. Example: The external DPO invites a client via otris privacy to discuss the processing status of a measure. The client can get information before the appointment by opening the linked measure. Another advantage for the external DPO: the invitation to the appointment is automatically documented. Individually configurable dashboards help to keep track of appointments, deadlines and to-dos. Not only appointments, but also expenses can be recorded in otris privacy and assigned to the individual mandates. To invoice the efforts, the system creates invoices that are issued according to preset intervals or manually.

Cooperation with the client

The external DPO can only implement and supervise a data protection organisation if the client actively cooperates. Example: Describing the processing activities as a process is the task of the process owners in the company. The DPO’s task is to create structured documentation and to evaluate the processing activities (VVT). The common practice in many companies: The process owners send “their” documentation to the DPO by email. Any queries or updates are also handled by email. For the external DPO, this practice quickly becomes confusing – especially with an increasing number of clients. With otris privacy, the “diversions” via the e-mail inbox is no longer necessary: the external DPO grants the person responsible for the process in the company access to forms and checklists which he opens in the web browser. The external DPO can assign the description to the VVT with one click, ask questions, link assessments and measures, and define resubmission dates for regular reviews. The same system is used to collaborate on audits or risk assessments.

Models and templates

Each external DPO has developed his own procedures for implementing data protection structures at the client. otris privacy simplifies the re-use of established processes and templates: a VVT created for an existing client can be copied in otris privacy with a few clicks and used in whole or in part as the basis for a new client. The same applies to all other checklists, templates and forms. Inheritance and copy functions thus not only make work within a data protection organisation more efficient, but also reduce the effort involved in accepting a new mandate.

Scalability and licensing model

External data protection is a service that is in high demand. Many providers are growing correspondingly fast. otris privacy grows with them: The flexible licensing model makes it easy to add new clients. Just as easy: the cancellation of clients in the event of an upcoming reduction in the number of clients. The licensing model also allows external DPOs to sublet otris privacy: A fully developed data protection organisation can be offered to the client as SaaS (Software as a Service) if they wish to continue running it on their own.


As an external DPO, you professionalise your offering with otris privacy. You use a central software to manage and link both operational and administrative tasks. With otris privacy, you can transfer proven best practice procedures to newly accepted mandates at the touch of a button. This not only saves work, but also helps to avoid mistakes. You underline your professionalism to your clients: you do not send Office templates by e-mail, but simplify cooperation by means of forms that the client opens in the web browser. If the client wishes to operate the data protection organisation you have created on their own, the otris privacy licensing model allows the software to be leased on as SaaS.