The City of Neuilly sur Seine administration has 1,200 employees and oversees 60,000 residents. Many of their processes involve the personal data of their citizens, whether it be for social assistance, childhood, early childhood, the elderly, among others. Naturally much of this data is classified as sensitive data.

During the implementation of the GDPR, the IT Department worked on the City’s data privacy program. Stephanie Goychman joined the team as Data Protection Officer in May 2018 to manage this compliance program. Her first challenge focused on the register of processing activities, which she had to review and validate, in addition to managing data subject requests, which involves different processes to be carried out in different areas.

“We used different tools for data subject requests management, incidents, etc. We started looking for a unique tool to consolidate the management of our entire program. Our Data Manager proceeded to an important benchmark that led to our engagement with OneTrust,” says Stephanie.

Protecting personal data: A top priority for the city of neuilly

The City of Neuilly processes a lot of personal data on a daily basis, including sensitive personal data on its citizens, therefore GDPR compliance is a top priority. The management of data subject requests, records of processing and incident management, among other tasks, represented a colossal job for the compliance management team and a centralized tool became increasingly essential to manage the team’s workload. In addition, consent management, keeping their website up to date with privacy and legal notices and actioning consent preferences, in short, it was becoming difficult to manage everything in different tools and there was more and more room for error. Data Manager for the city of Neuilly Sur Seine, Daniella Lopes Neves, describes the advantage of have OneTrust has the centralized tool to manage all of these processes.

“Of all the tools that we evaluated, most offered settings and access to metadata in databases, etc. We decided not to implement this kind of tools because it turned out to require a fairly technical background,” says Daniella.

Choosing OneTrust to manage DSARs and centralize activities

“The company that conducted our GDPR audit in 2018 did a study in which they recommended OneTrust as the most complete and user-friendly solution. We also heard the similar comments from other public sector organizations who had also chosen OneTrust. Having similar challenges, we thought it was a good idea to work with a company already in the thick of it,” explains Daniella.

The City of Neuilly Sur Seine is currently using the following OneTrust modules: Assessment Automation, Data Mapping, DSAR, Vendor Risk Management, Policy and Notice, Incident and Breach, Universal Consent and Preference Management, and Cookie Consent.

Stephanie describes how the assessment automation module has allowed the team to streamline their assessment process: “This module has been set up really well, it’s easy since once you’ve created the questionnaire which is the basic task, you can send it to anyone and any company. People receive a link that allows them to complete the assessment, and if it hasn’t been completed within the required timeframe, they receive an automatic reminder. This module works great!”

“Regarding data subject requests, and in the event of needing to provide a report to the CNIL, we will have all the requests, answers provided, all time stamped in addition to listing people who were involved, providing full traceability, which is essential for compliance,” says Stephanie.

“For the IT department, being able to record and monitor the expiry dates of supplier contracts was a really important, as we were able to inform all our supplier contracts, and send evaluations to all these people for questions of compliance. This has enabled us to create a very important register and to centralize all our suppliers in this same database,” said Daniella.

Building a strong privacy program with OneTrust

The OneTrust tool helps Stephanie and her team demonstrate accountability and deliver the transparency that their processes need. OneTrust provided a central point that helped support cross team collaboration and strengthen their culture of privacy. “The tool makes it possible to show what to do and what‘s been done and therefore to involve our colleagues much more widely in our strategies for the protection of personal data,” said Stephanie.

Efficiency has been a key benefit for Daniella and her colleagues: “We waste a lot less time dealing with incidents, access requests and rights exercise requests. The return on investment is felt from the first weeks of use. We quickly felt that OneTrust made our daily life easier,“ said Daniella.