New suite of privacy management questionnaire templates available at OneTrust

September 6, 2017

With the EU General Data Protection Regulation coming into effect on May 25, 2018, it’s important for organizations to prepare for how they will handle personal data of customers, employees and vendors, as well as how they will conduct record-keeping to demonstrate compliance.

As part of the library of more than 30 privacy assessment templates in OneTrust’s comprehensive privacy management platform, we have added new EU regulator guidance-based privacy templates for GDPR compliance. The new templates include:

  • Privacy Impact Assessment Pre-Screen (PIA)
  • Data Protection Impact Assessment (DPIA)
  • Records of Processing (Data Mapping) template based on deep research and regulatory guidance issued by EU Data Protection Authorities (DPA) and the Article 29 Working Party (WP29).

Operational and record-keeping requirements are addressed in both Article 35 and Article 30 of the GDPR.

  • Article 35: “Where a type of processing in particular using new technologies … is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.”
  • Article 30: “Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility.”

OneTrust’s in-house privacy research team analyzed and incorporated guidance from well-respected EU regulator-based sources and industry standards to create PIA and DPIA templates. Instrumental sources include:

  • Article 29 Working Party’s group of EU regulators
  • the German Standard Data Protection Model
  • the CNIL PIA Manual & GDPR Toolkit
  • the UK ICO PIA Code of Practice
  • ISO/IEC 29134:2017 Guidelines for PIA

Although data inventory and mapping is not explicitly mentioned in the GDPR, it is widely recognized that Article 30 requires an organization to conduct a data inventory and mapping exercise, and most importantly, keep it up-to-date. In creating the Records of Processing (Data Mapping) template to support this requirement, OneTrust’s research team incorporated available guidance including the CNIL’s GDPR Toolkit, the Belgian Privacy Commission’s Recommendation Concerning the Register of Processing Activities, and many additional sources.

For more information, read our press release and watch a video overview of the regulatory guidance incorporated in OneTrust’s privacy assessment templates.

