During their GDPR implementation, British Council decided to treat all operations with “high risk”, thus requiring a Privacy Impact Assessment by default and instead implemented a risk threshold into the process of doing the PIA. The conditional logic function allowed for a bespoke way to raise risks from inputted data. Any risks which are flagged automatically can be reported on and built into a geographical map and risk profile.
“In regions where we have older or paper-based systems, issues around recording of consent forms can be more complex. The Assessment Automation module helps us flag these risks, map them and produce consistent recommendations across the regions,” described Tumi.
As both a data processor and controller under the GDPR, Article 30 reports were one of British Council’s biggest challenges. With OneTrust, Tumi and her team can generate clear reports that not only helps improve efficiency within processes, but also improve accountability. This functionality closely ties in with the Data Mapping module which, alongside a great number of assets across the organization, helps Tumi and her team detail records of processing. For example, British Council can link a PIA to an inventory record and demonstrate the link between the record of processing and the assurance framework. OneTrust has enabled the British Council to build and maintain a clear overview of their data flows.
Cookie Consent has also been an invaluable tool in ensuring a compliant online presence across the British Council’s 250 websites. A key selling point for Cookie Consent was that it enabled them to scan all websites for cookies and other tracking technologies. Before OneTrust, this was all done in-house and was difficult to maintain in light of a changing regulatory landscape. Automating the process through OneTrust has enabled British Council to seamlessly manage cookie compliance across their web properties.
Since integrating a new cookie banner providing visitors with clear and concise information, British Council has seen how this has impacted user interactions with their sites.
“OneTrust’s Cookie Consent was invaluable. It reduced the resource that we were going to have to spend if we did it in-house. Also, the fact that Cookiepedia can pick up and reassign existing cookies is amazing,” said Tumi
First class research with OneTrust DataGuidance
OneTrust DataGuidance has enabled the British Council to centralize and focus their privacy research. Being able to generate reports, particularly on enforcement actions, and send them to regional Information Governance Advisors, is useful for ensuring that they also stay up to date. According to Tumi, no other provider on the market provided the same coverage as OneTrust DataGuidance.