Highlighting Data Privacy Week, we’re taking the opportunity to acknowledge privacy as the cornerstone of trust, recognizing that it’s embedded in all we do. Whether it’s fleshing out ESG principles, developing an ethical framework for organizational change, or mitigating security risks, elements of privacy can be found at every level.
And as privacy continues to evolve rapidly, organizations continue to face the challenges of meeting the demands of numerous new regulations and guidelines while staying on top of their strategic goals. This means privacy professionals are finding themselves wavering between competing priorities: keeping up with an aggressively fast-paced regulatory landscape and building a robust privacy compliance program that indicates trust.
How can privacy teams keep tabs on operational goals while juggling strategic planning?
By effectively utilizing the resources available.
Here are some of the ways OneTrust uses OneTrust for data privacy.
At OneTrust we hold ourselves and our privacy program to the highest standard. Part of that includes focusing on sharing timely and transparent information with users and individuals about how and why we use their data. Every individual has the potential to become a trusted partner, customer, or employee, and our treatment of their data sends an important message to them regarding our values and our ability to earn their trust. We understand it’s critical to follow this transparency with a second layer, which is why we put individuals in control of their personal data use through tools such as our preference center, cookie banners, and Data Subject Access Request (DSAR) webforms.
Managing consumer rights requests
Through collaboration with our product development team, we’ve developed a versatile system of intake channels for privacy requests. OneTrust Targeted Data Discovery paired with automated workflow assignment in DSARs has allowed us to streamline our approach to managing privacy requests from customers and marketing recipients. By using our own tech, we can automate some of the more generic requests fully. This means that no matter how the request is received, we’re able to automate intake from our data protection officer’s inbox with intake from internal and external web forms. By leveraging automation and customized DSAR module workflows, we can ensure individuals receive the same treatment when it comes to exercising their rights regarding their personal data. As well as save significant time when it comes to flagging, managing, and actioning frequent requests, enabling us to focus our efforts elsewhere.
Empowering our customers
We’re able to offer our customers a personalized user experience by leveraging our PreferenceChoice platform, which gives individuals greater authority and visibility when it comes to their communication preferences.
Working in tandem with Targeted Data Discovery, the platform further supports consumer requests by seamlessly integrating with our consent management platform to capture and manage consent. With the increased visibility when it comes to managing consent opt-ins, we’re able to see at which point consent was given and the language used, helping to indicate applicable processing and prevent processing data without consent or beyond the scope of the consent given.
Taking a bite out of cookie consent
When it comes to cookies, we like to lead by example, enabling new privacy-forward features on our infamous cookie banner by default and using our own set up in demonstrations. We want to show that maintaining the right standard, as set by regulators, can be done in a user and business-friendly way. Which is why we’ve implemented an omnipresent cookie icon across our site, so users can easily manage preferences at any stage of their browsing journey.
Giving you tools to manage your own privacy is critical to how we use OneTrust. But that’s only half of it. We also use OneTrust to manage our internal privacy and security program (and in fact, were awarded the world’s first ISO 27701 in many ways thanks to how we use OneTrust to manage this program!)
The significance of using the OneTrust platform for compliance is that it allows us to embed the process of privacy and security management across all activities. For example, being able to link specific ISO controls to risks identified in our privacy and security assessments for vendors or other activities, emboldens us to easily track and report on these relationships.
Creating a game plan for vendor risk management
Our third-party risk solutions provide an efficient and effective approach for security, compliance, and risk management operations to work together. Our connected set of vendor risk management, data mapping records, and privacy impact assessments, simplify onboarding and offboarding by integrating multiple workstreams to trigger privacy and security risk reviews to automatically flag prospects, update our records of processing, and assign tasks to business owners for review.
Acknowledging a truly robust privacy program as being underpinned by an organization’s employees, we believe in empowering our employees to handle data appropriately. By utilizing our Awareness Training module, we’ve created a customized eLearning course that’s shared with all new and existing employees regularly. Within the course, all staff are trained and tested on the essentials of privacy awareness and encouraged to report even the smallest of events.
Navigating incident management
For the more serious incidents, we rely on the guidance included in the Incident Module about which jurisdictions require breach notification to the authorities and/or individuals involved. This information is generated from our DataGuidance research team and is delivered as a task.
OneTrust leverages our platform of trust to protect data privacy across our organization and for our community of trust. That’s why we are celebrating Data Privacy Week, beginning January 24, to bring awareness to privacy as a core pillar of building a more trusted organization.
Privacy’s expansive reach highlights the connection between business and mission drivers, organizational roles and responsibilities, and privacy protection activities. If you’re interested in participating in a wider conversation around privacy, we’re celebrating Data Privacy Week across OneTrust with an array of events leading up to Data Privacy Day on Friday, January 28.
Join us for two special Data Privacy Week LinkedIn Lives:
A Data Privacy Week kit is also available for use within your organization, which includes a digital swag bag of goodies such as social graphic templates, digital backgrounds and virtual stickers for you to enjoy.