OSRAM

OSRAM uses OneTrust privacy management software for data mapping and GDPR preparation

Ceiling with bright lights in a modern warehouse shopping center

OSRAM GmbH is the global No. 1 provider of automotive lighting and a worldwide leader in innovative lighting solutions. Based in Munich, OSRAM is changing the way people see their world with a collection of high-tech applications based on semiconductor technology, smart connected lighting solutions and technology that enhances people’s lives in the digital age.

Leading up to the General Data Protection Regulation (GDPR), OSRAM took the same innovative approach in ensuring its privacy program met the regulation’s strict data protection standards.

“In setting up the privacy program we did adopt the same systematic management approach as for our Compliance System in general,” said Dietmar Prechtel, Chief Compliance Officer at OSRAM.

As a first step toward GDPR compliance, OSRAM’s privacy team knew it needed to conduct a data mapping assessment of the organization.

“We are a B2B company, but even still we process personal data for customers, distributors and employees, and meeting GDPR compliance standards was an important step for our privacy team at OSRAM,” said Barbara Schmitz, Head of Privacy at OSRAM GmbH.

Data mapping and inventory are critical components of a privacy program. Understanding how data flows through OSRAM serves as a pre-requisite to being able to secure the data and analyze risks.

“We needed to first understand the data collection and processing activities within OSRAM so we could identify and mitigate any data privacy risks,” Schmitz continued.

To complete a successful data mapping exercise required participation from various business units across the organization. With 70 affiliated companies across the world, many with unique privacy requirements specific to their locale, OSRAM needed a technology solution that also served as a powerful communication tool to educate employees about data mapping exercises and its importance for global privacy compliance.

“As the world becomes more digital and lighting more intelligent, it’s critical to leverage data-driven insights to improve our products, but just as critical that we protect privacy. With OneTrust, we are able to find the balance between data insights and data protection to build innovative solutions and protect the rights of our customers, business partner and employees.”

 

Barbara Schmitz, Head of Privacy

Partnering with OneTrust for privacy management technology

OSRAM selected OneTrust Privacy Management and Marketing Compliance software to serve as its technology platform to deliver data mapping questionnaires and automate the assessment process across the company.

“OneTrust provides and easy and user-friendly way of responding to questions and queries,” said Sarah Haghdoust, Data Privacy Counsel at OSRAM. “It’s a pleasant user experience. Through customization and branding, our employees feel comfortable with the process and we get a good response.”

With the data mapping activities complete, OSRAM’s privacy team reviewed the results and worked to mitigate risks and gaps identified throughout the process. When necessary, OSRAM conducted data protection impact assessments (DPIAs). If they found a large amount of personal data was being processed, they worked with the business leaders to determine if the data was necessary, and if so, set retention and deletion timeframes and other privacy by design controls in place to protect the data.

Since OSRAM is a global company with a large number of affiliated subsidiaries, the privacy team created an internal network of privacy champions to help business units with GDPR preparation efforts, including completing data mapping questionnaires and conducting DPIAs. Since these champions speak the local language and understood the regional culture, it helped roll-out privacy policy across the company.

Looking ahead to a bright future

Now that the GDPR deadline has passed, OSRAM is maintaining their privacy program with OneTrust and use the tool also to assess its data protection policies to adhere laws specific to regions. Since OneTrust is flexible and customizable, OSRAM can utilize a familiar tool for various data protection assessments.

“It’s also helpful for privacy organizations to have strong synergies with IT departments,” advised Haghdoust. “We need to work together to plan out what assets and tools people are using to process personal data. We found through our data mapping exercise there were a lot we didn’t know about, and with the flexibility of the OneTrust tool we can adjust our GDPR processes to comply with other global privacy laws.”

Privacy continues to be top of mind as OSRAM builds new technology and innovative products, such as the OSRAM Lightintelligence IoT Platform.

“As the world becomes more digital and lighting more intelligent, it’s critical to leverage data-driven insights to improve our products, but just as critical that we protect privacy,” concluded Schmitz. “With OneTrust, we are able to find the balance between data insights and data protection to build innovative solutions and protect the rights of our customers, business partner and employees.”


You may also like

Webinar

Responsible AI

Unpacking the EU AI Act

Prepare your business for EU AI Act and other AI regulations with this expert webinar. We explore the Act's key points and requirements, building an AI compliance program, and staying ahead of the rapidly changing AI regulatory landscape.

July 12, 2023

Learn more

Webinar

Consent & Preferences

Live demo: How to automate consent and preference management with OneTrust

In this webinar, we demonstrate how OneTrust Consent and Preferences helps build stronger customer relationships by providing transparency, giving users control over their data use, and delivering personalized experiences.

June 29, 2023

Learn more

Webinar

Privacy Management

Unpacking the EU-US DPF

In this webinar, we cover the new EU-US Data Privacy Framework (EU-US DPF) and what privacy program managers need to know for post-Schrems II data transfers.

June 28, 2023

Learn more