In aiding more than 2,500 companies mature their privacy and security compliance programs, we’ve heard one question more than any other: “How do I keep my data map up to date?” 

There are many methods to maintaining an evergreen data map, such as with integrations and assessment automation. But emerging techniques, ones that use the OneTrust Vendor Risk Management platform in combination with our data mapping tool, are helping companies sustain an up-to-date data map and automate alerts and actions. Here’s how: 

Auto-populate vendor information with Vendorpedia 

Gathering information about vendors doesn’t have to require a dozen Google searches. Companies are leveraging Vendorpedia, OneTrust’s Third-Party Risk Exchange, as a quick way to auto-populate information into their data map. OneTrust aggregates critical vendor information into Vendorpedia, and with a click of a button, you can link it to your data map. This research would typically take valuable resources away from more high-priority projects. Third-party information that can be added to your data map from Vendorpedia includes: 

Build automated reassessment triggers 

Within the OneTrust Vendor Risk Management tool, you can configure reassessment rules. These rules use triggers to send out assessments, which feed the latest information into your data map. For example, build reassessment triggers based on:  

When a reassessment is sent, answers from the previous assessment are pre-populated, making the reassessment process much simpler and efficient. 

 Sync third-party risks with related processing activities & assets 

OneTrust Vendor Risk Management and the Data Inventory & Mapping tool work in synchronicity, adding business context while helping risks tied to your data map remain accurate. Any third-party risks identified via the OneTrust Vendor Risk Management tool are linked and synced to related processing activities and assets within your data map. And as these vendor risks are mitigated, your data map updates dynamically. To summarize, risks within your data map are: 

 Add the latest contracts & DPAs to relevant assets and processing activities 

As new laws place greater emphasis on data processing agreements (DPAs) and specific clauses in contracts, companies are seeking to ensure that processing activities fall within the scope of a contract. By leveraging OneTrust Vendor Risk Management, your team can automatically link your DPAs and contracts to processing activities within your data map. This helps your team:  

Request a demo today or contact your OneTrust representative to learn more about how OneTrust Vendor Risk Management can help your company build a more complete and up-to-date data map.