The legality of many processing activities is not only based on the requirements of the GDPR, but often also on accompanying legislation, such as the DIGAV or the SGB. If this is the case, further compliance requirements can be imported via Excel. Example here: Requirements from the DIGAV and the BSI: