With Protiviti’s help, this specialty confectioner embarked on a company-wide review of the data that it processes as well as an exercise to determine where that data is located within the organization, producing an executive-level view of their personal data processing activities. The result was a clearer perspective of the organization’s data processing activities, allowing the customer to address specific compliance obligations, including the new data management requirements within CCPA.

“The customer needed a solution that would support compliance with global regulations and a program that could scale alongside the emergence of the CCPA,” said Protiviti Associate Director, Stephen Nation.

To meet its goals, the specialty confectioner looked to implement a technology-based solution to support its privacy program. Protiviti supported the team by assessing various available solutions on the market.

The customer’s needs were clear, and technology vendors were assessed based on their scalability, value for money, and the ability to integrate with existing systems. Protiviti and OneTrust have a longstanding strategic partnership, with a strong history of successful implementation. This meant Protiviti was confident that the breadth of tools available in OneTrust’s centralized solution would be a valuable and appropriate investment to help this specialty confectioners privacy program thrive.

OneTrust’s Assessment Automation, Data Mapping and Data Subject Rights Requests were selected to support the customer as they worked towards building the perfect platform that made sense for the organization’s needs.

A gold standard privacy program with OneTrust

The most time-intensive part of the confectioner’s project was the initial review into the company’s operations. Once complete, the organization spent two to three weeks assessing vendors with Protiviti, and within three months, they had implemented OneTrust solutions.

The dynamic partnership between OneTrust and Protiviti was key in delivering this successful project. Protiviti was able to setup the customer’s chosen modules in their OneTrust partner tenant and then hand over a fully functional tenant directly to the customer team, ensuring a seamless transition. 

OneTrust’s partner program provided the tools, support, and access that Protiviti needed to assess and implement the customer’s privacy program management.

“Simply put, data mapping can be a complex endeavor. Protiviti has developed a solid data mapping methodology, leveraging a OneTrust partner tenant to efficiently collect the information necessary to build a foundation of data governance. Working with OneTrust makes it simple,” said Nation.

Protiviti and OneTrust worked together to customize the tools to fit the specialty confectioner’s needs. In particular, the partners focused on developing an asset assessment inventory, record of processing inventory, and push-button RoPA (GDPR Article 30 Record of Processing).

The customer team saw OneTrust’s reputation for high-quality support in action when tackling the particular challenges posed by the sudden shift to working from home due to COVID-19 restrictions. 

“As the customer quickly moved to a remote working situation, on-tap support was vital, and OneTrust delivered,” said Nation.

The sweet taste of success with OneTrust and Protiviti

The project with Protiviti and OneTrust gave this specialty confectioner greater understanding, transparency and control over its privacy program.  Due to the success of this implementation, the customer will be evaluating OneTrust’s Vendor Risk Management module as a potential expansion of their existing tenant.