The EU General Data Protection Regulation (EU GDPR), which went into effect on 25 May 2018, has brought major changes to companies across Europe. This regulation gives EU citizens easier access to and more control over their personal data. 




  • Right to data transfer
    The affected party has the right to receive his or her personal data in a machine-readable format in order to transfer it to another service.

  • Right to be forgotten
    The individual has the right for his or her personal data to be deleted under certain requirements within a given period of time.

  • Burden of proof
    The data processor is required to not only conduct data processing tasks in compliance with data privacy regulation but also provide proof thereof if necessary.

  • Restricted usage
    Aside from very few exceptions, personal data may only be used for the purpose for which it was collected.

Target architecture of a data protection management system

A governance/management system should include the following aspects: Data protection readiness check, establishment of a data protection management system and a completed data protection assessment.




The operational management of data inventory and operational data protection processes such as risk analysis or impact assessment




The technical implementation such as the automated execution of data protection processes in systems (e.g. queries, delete requests, data mapping) and administration of consents.

Data protection management with risk2value

risk2value focuses primarily on the technical implementation.

The technical core functions of our software platform risk2value include:


  • Highly configurable data or object model (including many-to-many relationships)
  • Highly configurable, integrated workflow with visibility management of the data objects by roles down to field levels (i.e. mirroring the organizational responsibility)
  • Comments and documents
  • Integrated reporting and dashboards
  • Integrated action management
  • Mail notification (scheduled, event-driven)
  • Audit trail (audit-proof and traceable)
  • Role and group-based permission system

Webinar: Data Protection

Join us for a free, interactive webinar in cooperation with CARMAO to learn the requirements for efficient data protection management in compliance with EU GDPR.


View it now!

GRC Alert

Get the latest GRC information – directly in your inbox! GRC Alert keeps you posted on important facts, current trends, the latest events, webinars, podcasts, trainings, and more.


risk2value DPMS - Implementation

risk2value DPMS Implementation

risk2value DPMS - Scope of delivery

  • Data management protection system

    • Integrated EU GDPR checklists including technical and organizational measures (TOMs) in line with Art. 32 GDPR
    • Data protection process assessment compliant with Art. 28 GDPR

  • Integrated directory of the processing activities

    • Inventory of the processing activities, data types and IT systems
    • Creating recommendations and carrying out the data protection impact assessment in line with Art. 35 GDPR

  • ISO/IEC 29151:2017 as an integrated catalog of controls to manage data protection activities
  • Integrated data breach management to collect and document data breaches including incident reporting to the respective data protection agency (in line with Art. 33, Paragraph 1 GDPR) and the affected individuals (in line with Art. 34 GDPR)

  • Integrated management of data protection inquiries incl. traceability as outlined in Art. 15-21 GDPR

  • Optional connection to information security management system (ISMS)

  • Comprehensive dashboards and reports as well as multidimensional drill-down options in the form of report templates

  • Implementation of a go-live checklist

About avedos

We are driven by our belief that the sustainable success of innovative organizations will be strongly influenced by a profound enterprise Governance, Risk and Compliance (GRC) strategy. As a vendor of GRC solutions, we center our efforts on enabling European companies to recognize GRC as a core value driver in enterprise management. As a partner, we support our clients to continually develop the maturity of their organizational processes.


Our software solutions enable the digitalization of GRC processes and anchor them efficiently within the organization. Our software platform risk2value builds a bridge between operational levels and top management by allowing them to link different GRC information across multiple business functions so that they develop a common frame of reference for transparent decisions on various management levels.


The largest and most successful energy providers, insurance companies, banks, telecommunication companies and retailers place their trust in us and run their GRC processes on the GRC platform risk2value.





Questions? Simply complete our online contact form, give us a call, or send us an email.
We look forward to hearing from you!

Romana Hanig



Romana Hanig
Sales & Account Manager

+43 1 3670876-136