Help Center
News
Help Center
News
Sign in
Document
Documents & PoliciesQuestionnairesControls & Technical and Organizational Measures (TOMs)Report ExplorerAsset RegisterFrameworksRecord of Processing Activities (ROPA)Exporting your ROPAVendorsImpact Assessments (IA)Legitimate Interest DocumentationsMeetings & ActivitiesRetentions & Deletions PeriodsData Collection Point (DCP)Add documents to vendors
DPIA
Assessments
ROPA
Assets
International Standards & Frameworks
TOMs & Controls
Categories & Attributes
Data Collection Points
Legal Basis
Legitimate Interest
Documents & Policies
Retention & Deletion
Data Flow
Vendors
Questionnaires
Manage
Process Risk OverviewData Flow Map
Dashboards
AI Assistance & Automation
Projects
Tasks
Meetings & Activities
Workflows & Automations
Reporting
React & Resolve
TasksProjectsIncidents & BreachesData Subject Requests
Risk Scenarios & Treatments
Incidents & Breaches
Release Notes
Q2 2026
Q1 2026
Q4 2025
Q3 2025
Q2 2025
Q1 2025
Q4 2024
Q3 2024
Q2 2024
Q1 2024
Q4 2023
Q3 2023
Q2 2023
Q1 2023
Q4 2022
Q3 2022
Getting Started
Quickstart GuideQuestionnairesTasksProcess Risk OverviewIT SettingsFrameworksThe Information Security / Asset Risk ModelData Subject RequestsDownloading an elementLegitimate Interest DocumentationsAssigning Audiences to ElementsDocuments & PoliciesControls & Technical and Organizational Measures (TOMs)General SettingsCreating attributes that fit your industryDocument list for onboardingThe Data Protection Risk ModelIncidents & BreachesProjectsManaging audiencesAdd documents to vendorsHow to answer an assessment/questionnaireSetting up the first organization or companyData Collection Point (DCP)Use AI to create elementsSetting Risk models in General SettingsSharing ElementsHow can a user change the language?Data Flow MapRecord of Processing Activities (ROPA)Time MachineCreate and evaluate assessments Company Widget FeatureAsset RegisterVendorsImpact Assessments (IA)Creating organizational unitsExporting your ROPAMeetings & ActivitiesTerms for legitimate processingRetentions & Deletions PeriodsHow to create a new user and how to change the password for loginReport ExplorerMaturity modelAdding risk scenarios to assets or asset groupsRelevant Risk SzenariosPriverion GRC Platform overviewDocument list for onboardingHow can a user change the language?Setting up the first organization or companyCreating attributes that fit your industry
User account
Sharing & Group functions
Features
How-To Guides & Tips
Get Help
Legal
Settings
General Settings
Compliance settings
Create a new companyCompliance settings overviewGeneral compliance settingsCompliance notificationsBrowse companiesEdit a companyBrowse audiencesCreate an audienceEdit an audienceBrowse organizational unitsCreate an organizational unitEdit an organizational unitTags overviewEdit tagsCompliance sharing settingsApplicable laws and regulationsfilerskeepers integrationTime machine settingsCompany widget settingsIGDTA compliance settings
Identity and access management
IT Settings
Risk Settings

General compliance settings

Manage core company information and compliance defaults.

General Compliance Settings

The General Compliance Settings screen is the identity foundation of your DPMS installation. It is where you record the two pieces of information that data protection law — especially the GDPR — requires every organisation to be able to clearly identify: who is responsible for privacy decisions (the Data Protection Officer) and which legal entity is accountable for processing personal data (the Data Controller). Everything you enter here flows automatically into generated documents, privacy notices, imprint pages, and compliance reports across the platform. Getting this screen right early on is one of the most important setup tasks you will do in DPMS.

This screen is used primarily by the DPO themselves, compliance managers, and IT administrators who own the initial platform configuration. You will return here whenever there is a personnel change — a new DPO is appointed, for example — or whenever your organisation moves offices and the registered address needs updating.

How to open it

  • In the main left-hand sidebar, click Compliance Settings.
  • A secondary sub-navigation menu opens on the left. The first item is General — click it (or it will already be selected by default).

Permissions: You need read access to Compliance Settings to view this screen. To make any changes, you also need edit access to Compliance Settings. If you have read access only, the screen loads normally but the Edit button will be disabled. If you have neither permission, DPMS shows a 403 error page instead of the settings content.

What you see

When the screen loads, you land on a clean read-only view. The main content area is titled General and displays all the stored information as a structured list of label–value pairs. Fields that have not yet been filled in show a neutral placeholder character (a dash) so you can immediately see what is missing.

The content is split into two clearly labelled sections. The first — Data Protection Officer — covers the DPO's identity, contact details, and address. The second — Data Controller — covers the legal entity responsible for data processing: its company name, registered address, CEO, and the links to the public imprint and privacy policy pages. An Edit button sits in the top-right corner of the content card, ready for users with the appropriate permission to open the edit form.

Working with this screen

Setting up your compliance identity for the first time

If you are configuring DPMS for the first time, all the fields will show placeholder dashes. Start by clicking Edit in the top-right corner of the screen. The edit form opens, pre-filled with the currently saved values (or defaults, if nothing has been saved yet).

Data Protection Officer section

Work through the DPO section from top to bottom. In the DPO field, use the searchable dropdown to find and select the person who holds the DPO role in your organisation. Start typing their name to search. This is the person who will be automatically suggested as the responsible person in forms across DPMS, such as when creating new Records of Processing Activities. If you do not actively select someone, the field defaults to your own user account — so always check this carefully before saving.

Next, use the Deputy DPO dropdown to designate a backup person who covers when the primary DPO is unavailable. Again, check the default — it may be pre-set to your own account.

Fill in the Contact Person field with the name of whoever handles first-contact data protection enquiries (this could be an assistant or receptionist rather than the DPO directly). In Contact Email, enter the email address that data subjects and third parties should use for privacy-related queries — this address will appear in generated privacy documents, so use a publicly routable address rather than an internal one. Note that the field validates the email format strictly; if you enter an address with an unusual domain, DPMS will show a validation error and prevent saving. Add a phone number in Contact Phone.

Then fill in the DPO's address fields: Street, Postal Code, City, and Country. These address fields are separate from the Data Controller's address (see below) because, in many organisations, the DPO's contact address differs from the company's registered legal address.

Data Controller section

Scroll down to the Data Controller section. Enter the organisation's exact legal name in the Company field — this is the name that will appear on privacy notices and data processing agreements, so it must match your legal registration precisely. Add a short description of your organisation's activities in Company Description.

Fill in the registered address: Street, Postal Code, City, and Country. Then enter the name of the CEO or legal representative in CEO — this is commonly required on imprints in German-speaking and other EU jurisdictions.

Finally, paste in the full URLs (starting with https://) for your Imprint Link and Privacy Policy Link. These links are plain text fields with no automatic validation, so double-check that each URL is correct and accessible before saving.

When you are satisfied with everything, click Save. DPMS sends the data to the server, displays a success notification, and returns you to the read-only view with all your entries shown. The updated company information is also immediately pushed into the live application state, so every other part of DPMS that references the DPO name or company details reflects your changes straight away — no page reload required.

Updating the DPO after a personnel change

When a DPO leaves or a new one is appointed, come straight to this screen. Click Edit, then locate the DPO field. Clear the current selection and start typing the new DPO's name to search for them. Select the correct person from the results.

While you are here, also check the Deputy DPO, Contact Person, Contact Email, and Contact Phone fields to confirm they still reflect accurate information. Update any that have changed. When done, click Save.

Because the save operation immediately updates the platform's live state, the new DPO's name will appear everywhere across DPMS — in ROPA forms, data subject request workflows, document headers, and anywhere else the DPO is referenced — as soon as you save, without requiring other users to log out and back in.

Updating your organisation's registered address or legal links

When your organisation moves offices, or when your privacy policy or imprint page moves to a new URL, this is the screen to update. Click Edit, scroll to the Data Controller section, and update the relevant address fields (Street, Postal Code, City, Country) or paste in the new URLs for Imprint Link and Privacy Policy Link.

Remember that the Imprint Link and Privacy Policy Link fields accept any text — DPMS does not validate that you have entered a working URL. Always verify the link opens correctly in a browser before saving, because any error here will propagate to every document and communication that references these links.

Click Save when done. The changes take effect immediately across the platform.

Reviewing settings as a read-only user

If you have read access but not edit access, you can still use this screen to verify who the registered DPO is, confirm contact details, or note down the legal company name before completing a regulatory report or filling in an external questionnaire.

Navigate to Compliance Settings > General. The screen displays all fields in read-only mode. The Edit button is visible but disabled; hovering over it shows a tooltip explaining that you need additional permissions to make changes. If you need to update something you find here, contact your DPMS administrator.

Cancelling an edit without saving

If you open the edit form and then decide not to make any changes, click the back arrow () in the top-left of the edit form header. This returns you to the read-only view without saving. Important: there is no unsaved-changes warning. Any information you have typed is discarded immediately and silently when you click the back arrow. If you want to keep your changes, always click Save first.

Field reference

DPO — The person formally appointed as your organisation's Data Protection Officer. Searchable dropdown. Defaults to the currently logged-in user if nothing is selected — always verify before saving. Required in the sense that the system will always record someone in this field.

Deputy DPO — The backup person who acts as DPO when the primary is unavailable. Searchable dropdown. Defaults to the currently logged-in user.

Contact Person — The name of whoever handles first-contact data protection enquiries. Free text. Optional.

Contact Email — The email address for data protection enquiries, used in privacy notices and generated documents. Must be a valid email format with a recognised top-level domain. Maximum 255 characters. Optional, but strongly recommended.

Contact Phone — Telephone number for data protection contact. Free text. Optional.

Street (DPO) — Street address for the DPO's contact location. Free text. Optional.

Postal Code (DPO) — Postcode for the DPO's address. Free text. Optional.

City (DPO) — City for the DPO's address. Free text. Optional.

Country (DPO) — Country for the DPO's jurisdiction or address. Single-select dropdown from a standardised country list. Optional, but important for jurisdiction-specific generated documents.

Company — The exact legal name of the Data Controller organisation. Free text. This name appears on privacy policies, imprints, and data processing agreements — it must match your legal registration exactly.

Company Description — A brief description of the organisation's business activities. Free text. Optional.

Street (Data Controller) — Street address of the Data Controller's registered office. Free text. Legally required on imprints and privacy notices.

Postal Code (Data Controller) — Postcode of the Data Controller's registered address. Free text.

City (Data Controller) — City of the Data Controller's registered office. Free text.

Country (Data Controller) — Country of the Data Controller's registered legal domicile. Single-select dropdown. Important for jurisdiction-specific compliance requirements.

CEO — Name of the Chief Executive Officer or equivalent legal representative. Free text. Commonly required on imprints in German-speaking and other EU jurisdictions.

Imprint Link — URL of the organisation's publicly accessible imprint page. Free text — no URL format validation is applied. Include the full https:// prefix.

Privacy Policy Link — URL of the organisation's published privacy policy. Free text — no URL format validation is applied. Include the full https:// prefix.

How this connects to the rest of DPMS

The General Compliance Settings screen is the foundation that the entire compliance module builds on. Here is what depends on it:

  • DPO pre-population: The DPO you select here is used as the default responsible person pre-filled in forms throughout DPMS — for example, when you create a new Record of Processing Activity. If you change the DPO here, that default changes everywhere.
  • Generated documents: The DPO's name, contact details, and address, as well as the Data Controller's legal name, address, CEO, imprint link, and privacy policy link, are all pulled into any document that DPMS generates automatically. Missing fields will result in incomplete documents.
  • Compliance reports and audit packages: When DPMS exports compliance packages, this screen's data provides the organisation identity fields.
  • Live application state: When you save this screen, DPMS immediately updates the live application state for all logged-in users. Other people working in DPMS at the same moment will see the new DPO name or company details reflected without needing to reload.
  • After finishing here: If this is your first setup, move on to the other Compliance Settings sections (Tags, Statuses, Groups, and so on) to complete the foundational configuration before working in other modules.

Tips & common pitfalls

Heads up: Both the DPO and Deputy DPO fields default to your own user account if no one has been explicitly selected and saved before. If you open the edit form and click Save without checking these fields, your account will be recorded as the DPO across the entire platform. Always check who is selected in both dropdowns before saving.
Heads up: The back arrow discards your changes without any warning. There is no "are you sure?" dialog. If you have been typing in the edit form and click the back arrow, everything you entered is lost. Save frequently, especially during initial setup.
  • Two separate address sections exist for a reason. The DPO address fields and the Data Controller address fields are completely independent. Filling in one does not populate the other. Many organisations have the DPO at a different location from the company's registered legal address — this is intentional.
  • The contact email field has strict validation. A standard-looking address like dpo@internal.company may be rejected if the top-level domain is not publicly recognised. Use a standard .com, .org, .eu, or country-code TLD. If the form refuses to save and shows an email error, this is likely the cause.
  • The Imprint Link and Privacy Policy Link fields are plain text. DPMS will happily save a typo, an incomplete URL, or even a non-URL string. Before saving, open each link in a browser tab to confirm it works. Errors here silently propagate to every document that references these links.
  • Changes are visible to all users immediately. Because DPMS pushes saved changes directly into the live application state, there is no staging or preview. Incorrect information saved here will appear in live documents and forms right away. Double-check your entries before clicking Save.
  • Your organisation has one set of General settings shared by all users. This is not a per-user configuration screen. Any authorised user who edits and saves these settings is changing the platform-wide configuration for every colleague.


Was this article helpful?

English
Powered by Product Fruits