Privacy Security (AVG/GDPR)

According to the AVG/GDPR, consumers have more privacy rights. Entrepreneurs must therefore comply with new privacy legislation since May 2018. Complex regulations, for which you may not have a specialist in house. Our Information Management System is an AVG egg from Columbus! Create a digital file with reversed burden of proof and comply with privacy laws and regulations.


Reversed burden of proof

As an organisation, you must be able to demonstrate - with the right questions and documents - that you have taken adequate, organisational and technical measures in accordance with legislation and regulations. As an organisation, you must at all times be able to comply with the reversed burden of proof (file creation), including recording responsibility & accountability. Collect logs, perform audits and report. The (EU) Privacy legislation requires it!

Security is made-to-measure

This means that there is no standard package of organisational & technical measures that you have to comply with. Moreover, security is a continuous process (plan, do, check, act). You must continue to monitor whether the security measures taken are still adequate.


The privacy legislation requires, among other things, appropriate technical and/or organisational measures. You, as a company, must take these measures, but you must also guarantee them. What if you have already taken these measures in another context - from the point of view of certification or your company's objectives? CompLions also offers a solution in this case.

Demo or request a quote?


With GRCcontrol you anticipate current risks and take appropriate safety measures.


For audit planning including automatic and periodic audits, as well as registration of external audits and registration and handling of improvement tasks.

Raporting System

Comes with various standard reports with the possibility to build your own reports.


For management, specialists and employees, up-to-date insight into your compliance (per organization (part), standard, process, means), risks, incidents and (internal/external) audit findings.

Ready to go

Numerous standards frameworks including best-practice measures mapping, numerous risks/threats set(s) including best-practice measures mapping, examples of questionnaires and registers, reporting and dashboarding.


2-factor authentication on login and encrypted traffic for secure communication and data storage in a certified data centre.


Management system for granting authorisations.


Access control based on individuals and functions including AD linking capabilities.


For recording the execution of successive activities.

Document Management

For recording and distribution of documentation and burden of proof. Includes expiration dates and e-mail notification.


NL, UK, FR and GE


Access control based on individuals, roles and functions including AD/FD linking capabilities.

Incident management

Incident management, including registration and handling by means of protocols (work processes) that can be set up entirely according to your own working method.