Is your company GDPR compliant?

Fully-managed OTRS leads the way.

GDPR – The facts at a glance.

The General Data Protection Regulation (GDPR) is an EU regulation that standardizes the rules related to processing and controlling personal data by companies and public authorities.

The GDPR gives EU citizens the right:

  • to know when their data is collected
  • to know how their data is used
  • to request data deletion
  • to access their information or to copy it

What is personal data?

It is important to note that personal information is not limited to financial information; it also includes email addresses, medical information, etc.

GDPR has company-wide impacts.

The GDPR guidelines refer to any group within an organization that processes or controls personal data. For example, the following may be affected:

  • Cyber Defense Teams
  • Corporate Security Teams
  • ITSM Teams
  • Individuals

Are there consequences if a business does not comply with GDPR?

Yes. Companies that do not comply with the GDPR can receive a fine of up to 4% of annual world sales or 20 million euros, whichever is higher.

Avoid damage and trust OTRS from the start.

For the OTRS Group, the topic of data protection has always been of the highest importance. Compliance with privacy regulations and guidelines has always been, and will always be, treated as an absolute priority.

Consequently, OTRS AG has taken the following steps to ensure that the fully-managed OTRS environment complies with GDPR requirements and that our customers can trust that the data we process and control on their behalf is safe.

Data Protection Officer. OTRS AG has appointed an external data protection officer.

Documentation and planning. The GDPR requires companies to prepare various data-related documents, such as policies for email handling. Of course, we have fulfilled these obligations. Similarly, the privacy policy on the OTRS website has been revised to comply with all requirements regarding the collection and processing of personal data. The risk management or IT emergency concept prescribed by the GDPR has also already been implemented at OTRS.

Training. In addition to creating all functional, administrative and organizational prerequisites for complying with GDPR guidelines, the employees' expertise in data security is of the highest importance to the company. A special online training session on data protection is being developed. The confirmation of participation will be archived by our HR department.

Ongoing steps. Additional activities related to the data protection regulation include technical-organizational measures (TOMs), the consolidation of hosting providers, and the creation of a contract for the processing of personal data.


Read more about OTRS and GDPR in our flyer “Your Data, Our Responsibility.”

Important note about OTRS and GDPR.

If you run an OTRS instance On-Premise or the ((OTRS)) Community Edition, it is necessary for you to talk with your legal department about the steps you need to take to comply with the GDPR guidelines. The steps mentioned above apply only to OTRS instances that run within our fully-managed environment.

If you’re interested in learning more about fully-managed OTRS, let us know.