- Data Mapping Automation
- PIA & DPIA Automation
Deloitte and OneTrust Partner to Bring a Touch of Luxury to Cosmetics Company’s Privacy Program
A Dutch-based cosmetics company prides itself on bringing luxury to everyday routines, and beyond that, their philosophy extends to living well and sustainably. Their privacy program is no exception, with the help of Deloitte, they underwent a complete overhaul of their privacy organization to ensure they were operating efficiently and could best manage the personal data they process.
Deloitte initially worked with the luxury cosmetics company to support a privacy review on the current privacy organization, and sought to remediate the gaps found and create a more bespoke and functional privacy organization. After this process, the luxury cosmetics company decided they needed a privacy management tool that could more closely meet their needs. Koon-Sang Tsang, Manager Privacy and Data Protection at Deloitte, was part of the team that helped identify OneTrust as the ideal solution.
“After the initial privacy review the luxury cosmetics company noted that their existing privacy management tool wasn’t providing the right kind of functionality and flexibility, so we helped them identify OneTrust as the next step for their privacy organization to automate and maintain the most urgent privacy operational processes,” said Koon-Sang.
Needing a Privacy Organization Cleanse
The luxury cosmetics company found their previous privacy management tool to be too rigid, and did not allow for sufficient customization and insights that would help them ensure their customer’s personal data is handled with care.
“The luxury cosmetics company needed a tool that would grow with their organization, and OneTrust’s customization would allow for that kind of future-proofing,” said Koon-Sang.
With Deloitte’s support, the cosmetics company carried out a company-wide privacy review to get a clear picture of where they needed to improve their privacy organization to ensure they were GDPR compliant. The privacy review helped highlighting where the privacy team wanted additional functionality from their privacy management tool.
After the initial privacy review the luxury cosmetics company noted that their existing privacy management tool wasn’t providing the right kind of functionality and flexibility, so we helped them identify OneTrust as the next step for their privacy organization to automate and maintain the most urgent privacy operational processes.Koon-Sang TsangManager Privacy and Data Protection
To meet their goals, the luxury cosmetics company asked Deloitte to assist with finding and implementing a technology-based solution to support their privacy organization. Having a strong partnership with OneTrust, as well as a history of successful implementations, Deloitte recommended that they implement OneTrust’s Assessment Automation and Data Mapping modules.
As part of the selection process, the cosmetics company’s Data Protection Officer was given a demonstration of the OneTrust platform and could see that the tool’s capabilities would help them build the bespoke privacy organization they needed to achieve their compliance goals.
Building the Foundations of a Sustainable Privacy Organization
To build a privacy organization that would best serve their purposes and help them deliver on their privacy promises, the luxury cosmetics company were willing to start fresh and re-use existing information where possible, which helped make the implementation process more efficient.
Given that Deloitte had extensive experience with OneTrust’s tools, they were able to set up the modules directly in the cosmetics company’s tenant without the need for a sandbox environment. For this first phase of their privacy organization overhaul, Deloitte was helping them build a clear picture of their records of processing activities (ROPA) using the Data Mapping module, and data protection impact assessment processes using the Assessment Automation module and Risk Register. Also, Deloitte helped with creating training and knowledge materials for internal staff to use when they use OneTrust.
Deloitte and OneTrust worked closely to customize the tools to fit the luxury cosmetics company’s needs. In particular, the partners leveraged OneTrust’s bank of customizable assessment templates to create a bespoke data protection impact assessment (DPIA) process and customize other assessments to support their data processing.
A Rejuvenating Privacy Organization
The success of the cosmetics company’s implementation is in part thanks to the continued support from both Deloitte and OneTrust. From the initial demonstration through the post-implementation training for the DPO, both sides have ensured that the customer understood the tools’ functionality and had a strong foundation on which to develop and mature their privacy organization.
More importantly, the luxury cosmetics company can grow their privacy organization with OneTrust. As their organization matures and operations diversify, they will have the adaptability to continue to customize solutions that meet their changing needs.