Allocation of Risks and Measures

Risks and measures can now also be assigned to a responsible client. In Addition, further clients affected by this risk can also be assigned. This has a direct effect on the authorisation to view and edit the respective risks.

Adjustments in the Data Protection Management System

In this version, numerous changes and improvements have been made in the field of Data Protection. The key aspects are: The creation of technical and organisational measures has been revised and these can now also be exported. Within the scope of procedure evaluation, it is now possible to transfer information that has already been provided from one data category to another. This not only saves time, but also reduces possible false entries. For the purpose of processing, the legal retention period can now also be specified in days/weeks/months and it is possible to store more than one legal basis per purpose. Procedural activities can all be exported in one step. The control parameters have been extended to include the start of the deadline and the deletion process and can be archived if required

Individualisation options in the Business Impact Analysis

In addition to quantifying the financial damage with a EURO value in the Business Impact Analysis, you have the option of not only looking at it in monetary terms (via the amount), but also to evaluate it with the classification "Low", "Medium", "High", "Very High". Own damage categories can be created or existing ones can be deactivated if required.

Document Management

In Document Management, it is now possible to upload additional attachments. When you create new tasks, you can now attach the relevant guideline, for example, as an accompanying document by means of a selection box, which is made available to the user as a link in the corresponding notification.

Roles in the organisation

Defined roles that may not exist in your company can now be marked by you as "Not occupied".

Inheritance of maximum Tolerable Downtime and Maximum Tolerable Data Loss to Service Providers

The previous inheritance of the protection goals confidentiality, integrity and availability from the asset to the linked Service Provider has been supplemented with the information of the maximum tolerable downtime (MTA) as well as the maximum tolerable data loss.


With the appropriate authorisation, users now have the option of navigating directly from the Task Details page to the corresponding Overview page. The status "Completed" (applies to tasks and documents) has been renamed "In Release". The user thus sees at first glance that there is still one more step to be taken before the task can be completed.

eGRC Training Videos

Via the new menu item "Training", every user now has the possibility to view training videos on the operation of eGRC, which will be continuously updated. The videos are provided on our own learning platform "Compliness".


The newly designed Audit section now offers an overview page with all options available to a user. Use the new "Audit Planning" feature to plan your audits, including responsibilities, audit focus, duration and much more information. All planned audits can then be clearly displayed in a calendar or list view.

Further features

Division of the user list into active/inactive users, function for making multiple changes, evaluation by the Data Protection Officer directly on the procedure/process, possibility of multiple selection of implementation documents in connection with the Data Protection Impact Assessment and the procedural activity, categorisation of risks Numerous redesigns of the user interface.


English designations

At some points in the system, it was possible for the entire system to be set to English in order to enter a corresponding designation or description. This is now possible again directly in the edit/create mode.

Deviation in risk analysis

If a risk analysis is started, only the deviations of the last self-assessment are used. Older deviations are no longer taken into account.

Editing risks

During editing risks, all fields are now checked for their content.


Method documents were not displayed in the correct tab, they can now be viewed again in the documents under the tab "Methods".

Scenario description

If a new scenario is created, the description is now a mandatory field