Solution for Data Protection Management

Plan, organise and ensure data protection

The GRC Toolbox supports your company in meeting requirements such as the EU-GDPR, minimising data protection risks and establishing a systematic data protection management system (DSMS). In this way, you create trust and compliance in your company.

Play Video

Leading companies use our data protection solution

GRC Toolbox Insights


Get here a first insight into the capabilities of our data protection management solution.

Register of Processing Activities

The repository is an overview of all processing activities of personal data carried out in an organisation. The purpose of the GRC Toolbox repository is to enable companies, data subjects and supervisory authorities to quickly and easily obtain information about what personal data have been processed, for what purpose and so on.


Data Protection Impact Assessment

A DPIA must be carried out when a proposed processing of personal data is likely to result in a high risk to the rights and freedoms of individuals. The GRC Toolbox DPIA is a risk assessment that should be carried out before any processing starts in order to identify and minimise potential data protection issues at an early stage. With the flexible assessment feature, the DPIA can be easily carried out as needed.


Transfer Impact Assessment

As with the DPIA, the GRC Toolbox also assists in carrying out a TIA, which is done when personal data is to be transferred to a third country or to an international organisation. A TIA serves to identify possible risks to the protection of personal data in connection with the transfer to a third country and to take appropriate protective measures.

Data Breach Management

A data breach occurs when personal data is unintentionally or unauthorisedly disclosed or lost. In this context, the GRC Toolbox helps to record and assess data protection incidents, to notify the data subjects and, if necessary, the supervisory authorities by means of incident reports and reminders, and then to determine the causes and take appropriate measures to prevent future data breaches.


Data Subject Requests

Data subject requests are an important component of data subject rights as per legal requirements. Processing data subject requests with the GRC Toolbox involves identifying, verifying and providing the personal data that must be provided upon request by a data subject.


Project support (Privacy by Design)

Project support in the context of data protection means that data protection and security aspects are integrated into the development process from the very beginning. The GRC Toolbox offers workflow for this purpose in order to query data protection/security risks, define measures and meet compliance requirements before a product or service is introduced.


Integration with ISMS, TPRM, etc.

Connect the data protection management system with other functions of the GRC Toolbox such as information security, third-party risk management, contract management, etc. This creates synergies and reduces duplication.

Data Protection Reporting

Improve the effectiveness and efficiency of your data protection management system. The data protection dashboard serves as a valuable tool for this, as it shows you all data protection-relevant indicators and information in a visually appealing and intuitive way.


Advantages and added value for your organisation

Data Protection Management with the GRC Toolbox

Central overview of personal data processing activities

Simple recording and overview of all processing activities according to EU-GDPR etc. Freely definable or with templates.

Integration with third-party and contract management

Contracts for data protection clauses are checked and compliance with data protection provisions is ensured when contracts are concluded.

Incident response to data breaches

Data breaches are responded to in the most effective way and appropriate measures are taken to minimise the impact.

Maintaining of relevant Data Protection documentation

All relevant documents related to data protection are stored systematically and securely.

Comprehensive data protection support during projects

Workflow support for embedding data protection requirements in projects and other relevant activities.

Visual representation of the data protection situation

Present data protection impact assessments (DPIAs) and risk situations in the form of risk matrices or dashboards.

As our company’s data protection officer, I was looking for an effective solution to manage our data protection processes. We found the ideal solution with the data protection management software from Swiss GRC AG. The software is easy to use, provides us with a comprehensive overview and the automated processes make our work much easier.

Project Manager Data Protection Programme

GRC-Focus topics

Switzerland plans uniform regulations and reporting requirements with ISG to strengthen information and cyber security, especially for critical areas. Entry into force still unclear.

Discover all our solutions around GRC

Create the foundation for a successful GRC strategy. With the GRC Toolbox, you can gradually extend your digital governance, risk and compliance processes to all other GRC areas.


Learn more about our data protection software

Convince yourself and test all functions of the GRC Toolbox, the user-friendly software for your GRC management.

Mirko Hegi, GRC Expert, PostFinance AG

Right from the start, the cooperation was at eye level and we understood each other, not only on a professional but also on a human level.

Fill out and submit the form, and we will contact you shortly.