The City of Neuilly sur Seine administration has 1,200 employees and oversees 60,000 residents. Many of their processes involve the personal data of their citizens, whether it be for social assistance, childhood, early childhood, the elderly, among others. Naturally much of this data is classified as sensitive data.
During the implementation of the GDPR, the IT Department worked on the City’s data privacy program. Stephanie Goychman joined the team as Data Protection Officer in May 2018 to manage this compliance program. Her first challenge focused on the register of processing activities, which she had to review and validate, in addition to managing data subject requests, which involves different processes to be carried out in different areas.
“We used different tools for data subject requests management, incidents, etc. We started looking for a unique tool to consolidate the management of our entire program. Our Data Manager proceeded to an important benchmark that led to our engagement with OneTrust,” says Stephanie.
The City of Neuilly processes a lot of personal data on a daily basis, including sensitive personal data on its citizens, therefore GDPR compliance is a top priority. The management of data subject requests, records of processing and incident management, among other tasks, represented a colossal job for the compliance management team and a centralized tool became increasingly essential to manage the team’s workload. In addition, consent management, keeping their website up to date with privacy and legal notices and actioning consent preferences, in short, it was becoming difficult to manage everything in different tools and there was more and more room for error. Data Manager for the city of Neuilly Sur Seine, Daniella Lopes Neves, describes the advantage of have OneTrust has the centralized tool to manage all of these processes.
“Of all the tools that we evaluated, most offered settings and access to metadata in databases, etc. We decided not to implement this kind of tools because it turned out to require a fairly technical background,” says Daniella.
“The company that conducted our GDPR audit in 2018 did a study in which they recommended OneTrust as the most complete and user-friendly solution. We also heard the similar comments from other public sector organizations who had also chosen OneTrust. Having similar challenges, we thought it was a good idea to work with a company already in the thick of it,” explains Daniella.
The City of Neuilly Sur Seine is currently using the following OneTrust modules: Assessment Automation, Data Mapping, DSAR, Vendor Risk Management, Policy and Notice, Incident and Breach, Universal Consent and Preference Management, and Cookie Consent.