With otris privacy, the data protection management software for corporations and groups of companies, you can organise data protection processes centrally and on a role-based basis – across companies and locations. This provides clarity for audit, management and operational teams without losing local responsibilities.
1
Record and version processing activities, Contracts and TOMs in a structured manner – for consistent GDPR compliance.
2
Control roles, terms and escalations in a process-secure manner – for inquiries and measures with clear responsibilities.
3
Consolidate risks, KPIs and reports across the group – for an overview, control and audit-proof management reports.
otris privacy is a modular data protection management software that adapts to corporate structures. You map companies, locations, roles and responsibilities in a multi-client capable platform. This allows you to control data protection processes end-to-end – from recording to reporting.
You can use a central database to keep track of the Company’s data protection-related processing activities. Forms and wizards help you with data entry, while collaboration tools help you share the work. With otris privacy, you can check both the Company’s own processing activities and those of data processors for compliance, e.g. in accordance with GDPR Articles 28 and 32.
You compile reusable checklists and assign them to individual processing operations or data processors. The data controller in the specialist department accesses the system and analyses the processing using the checklist. Over 1,000 pre-defined questions are available for you to compile your checklist.
Data protection management rates the processing operations analysed by the specialist departments. Markings such as traffic light symbols indicate processing operations that require improvement. In addition, otris privacy allows you to organise the commissioning and monitoring of related optimisation measures.
With otris privacy, you can organise a GDPR compliant Privacy Impact Assessment (DPIA) in accordance with GDPR Art. 35 – including the preliminary check to determine whether a DPIA is necessary. A risk map visualises the risk level for each processing activity. Cockpits allow you to monitor processing progress, reporting deadlines and data breaches.
With otris privacy, you can specifically involve employees and specialists in data protection processes. Processing and data breaches are reported using clear forms and forwarded to the relevant departments in a structured manner. Updates can be made centrally via the processing portal, ensuring that information remains up to date at all times.
Optional workflows increase the level of automation. The reporting workflow simplifies the creation and maintenance of the record of processing activities. The data breach workflow enables rapid intervention in the event of a data breach. The enquiry workflow sorts and channels all types of inquiries.
Three editions – each with a clearly defined range of functions. You choose the entry level that suits your Organisation and scale up as required. With ENTERPRISE(plus), we tailor extensions and integrations specifically to your specifications.
For a quick, GDPR compliant start (single users).
For SMEs and larger companies – with roles, rights and units.
For corporations – bilingual and individually expandable.
„In close cooperation with otris, we have simplified operational work in data protection.“
The following features help you to organise data protection in corporate groups in a structured manner – from role assignment to consolidated evaluation.
otris privacy adapts to corporate structures: You can map companies, locations and organisational units in a multi-client capable platform. This allows you to manage data protection centrally while creating clear responsibilities in the specialist departments. The solution is scalable and suitable for mapping complex corporate structures.
On request, the platform can also be used for several legally separate entities or Mandates.
A differentiated access concept allows you to define roles and rights across the entire group. Depending on the organisational structure, you can involve data protection coordinators in companies and departments – and larger user groups if necessary. All participants work together on a central platform via client or web access and consolidate information across locations. New or changed processing procedures can thus be reported electronically to the data protection officers. Alternatively, checklists can be completed externally: the questions are exported as HTML questionnaires and the answers are transmitted in encrypted form.
There are three software editions to choose from, allowing you to tailor the range of functions to your needs. If necessary, you can combine the editions with extensions to cover more advanced requirements – such as a high volume of inquiries, maintenance of the record of processing activities in many organisational units, or structured processing of internal data breaches. With standardised extensions, you can expand the system to meet your needs. Requirements that are not covered by the standard range of functions are implemented by otris Consulting as individual solutions.
The otris privacy data protection software guides you step by step through the processes: wizards and context-sensitive action menus accompany your entries, while drag-and-drop functions facilitate document assignment. Interactive progress indicators and traffic light symbols support data protection control and create transparency regarding the processing status. Your personal cockpit and automatic email notifications help you keep track of tasks and terms.
All information logged in otris privacy can be evaluated flexibly. The report templates cover legal requirements – such as a record of processing activities, activity reports, overviews of measures and analysis reports – and enable differentiated evaluations for data protection management, for example for planning measures or for audit logs. PDF, HTML and CSV are available as output formats.
You are free to choose whether you want to use the data protection software in the cloud or on-premises. On-premises means that the system is operated on your company’s own IT infrastructure. In the cloud version, you access the servers of a secure, certified data centre in Germany. In both operating modes, you work with the software via your web browser.
„otris privacy controls the creation of new processing activities through predefined process steps, involves those responsible for the process and enables the rest of the documentation process – all with a high standard of security.“
Technical extensions allow you to adapt otris privacy to your requirements in addition to the selected edition. The extensions can be combined with the ENTERPRISE and ENTERPRISE plus editions.
The Reporting/updating workflow extension enables existing processes for notifying processing activities in accordance with Article 30 of the EU GDPR to be integrated directly into otris privacy. Processing activities are notified to otris privacy via a web form and are then processed, approved or rejected there. Unlike when using otris privacy itself, no specific data protection knowledge is required to use the web form.
The employee who is the data controller for the processing activity can view all submitted processing processes in an overview. If a new processing process is added or an existing processing process is amended, the responsible person documents the information in the overview. The system notifies the data protection officers (DPOs) of any changes or additions.
The extension includes the standard web form for reporting processing activities, as well as installation and configuration. Individual customisations of the workflow can be implemented as part of Services.
The extension Request Workflow enables internal inquiries (e.g. from employees) and external inquiries (e.g. from customers) to be automatically recorded in otris privacy and the processing procedure to be documented. Inquiries can be sent to otris privacy by email or via a web form, including attachments.
With the Data Breach extension, you implement a process for reporting internal data breaches. You provide employees with a clear dialogue box that they can use to describe and report data breaches. A web form is used to record the timeline, affected data categories, affected groups of people and measures already taken. No special data protection knowledge is required to complete the form.
The LDAP interface Login Sync enables otris privacy users to authenticate themselves against your Active Directory. For users, this means that they use the same login details for otris privacy as they do for logging into the Windows system. If you remove users from Active Directory, they will immediately lose access to otris privacy, e.g. when they leave the company.
News
You demand company-wide data protection management that is seamless, legally compliant and free of redundant work. The specialised otris privacy software helps you to implement data protection standards efficiently.
otris privacy simplifies your data protection responsibilities. By structuring and documenting all data protection-related processes on a central platform, you gain a complete overview of the status of your data protection organisation: all processing operations are systematically inventoried and the Rating of processes and risks as well as the status of optimisation is clearly documented. Traffic light symbols make the data protection organisation clear and easy to control – even with extensive inventories.
otris privacy not only helps you to process your tasks correctly, but also to complete them with as little effort as possible. The consistent use of templates generates a high gain in efficiency: you avoid duplication of work when creating processing and processing checks and use proven documents by linking them. Not only the templates, but also the collaboration functions reduce the effort required for your data protection organisation: specialist departments that analyse processing operations, external parties that submit inquiries or data protection officers who are involved – the system offers a wide range of options for integrating content ‘from outside’ without media discontinuity.
otris privacy is suitable for large corporations. This means that even complex corporate structures can be mapped in the software in order to organise access rights, roles and document distribution. Template and inheritance functions minimise the effort required to set up and expand the structure.
Managing your data protection with specialised software pays off: you gain full control over the company-wide data protection process and the certainty that you are fulfilling your tasks across the board. By structuring and reusing data, you streamline processes and avoid redundant work. Adapted to your company structure, otris privacy is a tool that supports you in all tasks that are important for your company-wide data protection management.
„otris privacy simplifies our data protection management through centralised data storage and automation.“
Simplifying data protection with otris privacy also means automating repetitive processes and avoiding redundancy. We design web forms with downstream process control and documentation functions as standard workflows that accelerate and professionalise data protection processes. Three practical examples:
The record of processing activities is a core element of data protection management. In dynamic companies with a large number of new or changing processing operations, creating and maintaining documentation can be a challenge.
The reporting and updating workflow simplifies both the creation and maintenance of the processing directory: The data protection officer uses the workflow to contact the data controllers in the specialist departments and request them to report data protection-relevant processing operations. A web form simplifies the GDPR compliant process description. Once the person responsible for the process has completed the form, the data protection officer checks the information and assigns the processing to the overall directory at the touch of a button.
Companies operating in the B2C sector process the personal data of thousands of customers. The number of inquiries is correspondingly high. The GDPR stipulates the time frame within which inquiries must be processed (e.g. information about the data stored about the person and its deletion). Timely processing and GDPR compliant documentation are becoming a challenge. B2B businesses are also seeing an increase in data protection enquiries. The focus here is often on issues such as contractual agreements on order processing or organisational issues that directly affect data protection management in individual areas of an organisational structure.
The inquiry workflow is an extension for otris privacy and simplifies the rapid and data protection-compliant processing of all types of inquiries. Your customers, employees or other stakeholders submit inquiries via a form that you make available on your website. The form pre-structures the data.
The system can thus automatically document and assign the inquiries. Data protection officers have an overview of all open inquiries and are warned by the system of upcoming processing deadlines. The clear structuring of inquiries and automated reporting make it easier for the company to provide information.
Data breaches occur in every company: employees accidentally send emails containing personal data to the wrong recipients, lose a USB stick or publish photos without observing data protection standards. Some breaches are relatively minor and can be quickly remedied, while others are serious. It is important that employees have a channel available to them through which breaches can be reported internally in an uncomplicated manner. Only then can data protection management assess and respond quickly.
The data breach workflow in otris privacy simplifies reporting and processing. A web form is used to describe the breach according to specified standards (e.g. data categories, groups of persons, etc.). The system forwards the report, including a structured description, to the responsible data protection officer. An additional notification email increases security. The incident is assessed and processed in otris privacy. The system automatically documents the processing status and warns if incidents are not processed in time. If the assessment shows that the data protection authority needs to be informed, you can generate a GDPR compliant data breach report at the touch of a button.
Group data protection addresses multiple companies/locations with common standards: uniform data models, role and rights concepts, central templates and consolidated reports for management and audit – multilingual if required.
Yes. Records of processing activities (RPA), Privacy Impact Assessments (DPIA) and technical and organisational measures (TOMs) are recorded in a structured manner, versioned and documented with audit security. Roles, responsibilities, approvals and terms can be controlled via workflows – including reminders and a traceable history.
otris privacy supports centralised governance with decentralised input: roles and rights are assigned across the group, while companies and departments can supply information via web access or forms. This ensures that responsibilities remain clear, approvals are traceable and changes are documented in a structured manner.
Are you looking for data protection management software that consistently controls corporate structures, roles/rights and GDPR evidence (e.g. VVT, DSFA, TOMs)? With otris privacy, you can map your data protection organisation centrally – across locations, scalable and with audit security.
Request a guided demo – we will show you typical processes and answer your questions. Or book a consultation appointment to discuss your requirements and find the right edition for you.
