- Legal & Professional Services
- Cookie Consent
- Data Mapping Automation
- Third-Party Risk Management
Randstad Unifies Privacy Management Across Global Network of DPOs with OneTrust
Randstad is the global leader in outsourcing, staffing, consulting and workforce solutions, with more than 38,000 employees managing a workforce of 600,000 each week across 39 countries.
With this global scope and focus on human resources, the company manages a great deal of personal data on a daily basis, with each local entity acting as an independent processor or controller of personal data with local data protection responsibilities.
“Privacy is critical to Randstad because, in HR services, we are working with the data of millions of people,” said Wouter-Bas van der Vegt, the Global Data Protection and Information Security Officer at Randstad. “Privacy is at the core of our business to make sure that our candidates, workers, employees and clients can trust us, while making sure that we still can do our business in an efficient and effective way.”
A GDPR-focused approach for a global privacy initiative
The Randstad privacy team approached the GDPR with a global mindset and a local approach. They understood the regulation would be a good starting point for the company to manage their data collection and processing activities, and that the GDPR efforts could be rolled out globally. The team approached the GDPR with a mindset that they would start in Europe, and later implement similar practices to other regions, adjusting to specific local legislation.
As a company that itself utilizes innovative technology to serve its clients, Randstad knew that technology could help with their GDPR and global privacy efforts. Manual work in Excel or Word didn’t provide the visibility and automation the team needed to manage efforts across a network of country-based DPOs and privacy champions. Also, with regulation at its infancy and a growing list of local and country-specific laws likely to follow, Randstad needed a solution that could adapt to the changing and evolving global privacy landscape.
“Let’s look for a company that understands what we are doing, but also has the capability, flexibility and agility to build additional functionality rapidly to make sure that we can meet our objectives.”Wouter-Bas van der VegtGlobal Data Protection and Information Security Officer
“We said, ‘let’s look for a company that understands what we are doing, but also has the capability, flexibility and agility to build additional functionality rapidly to make sure that we can meet our objectives,’” said van der Vegt. “While we know no one tool provides the silver bullet, in the end, after an extensive selection process, OneTrust was the company that fit our bill the best.”
Building a technology-powered privacy program for assessments, data mapping and cookies
Since the company is rapidly changing and constantly innovating, Randstad started its GDPR efforts leveraging OneTrust for what the company calls “privacy quick scans” (PSQs) to identify if additional assessments like a privacy impact assessment (PIA) is required. They needed a solution to assess the data protection impacts of various digital transformation technologies the company is consistently evaluating and implementing. These PSQs help Randstad’s privacy team keep up with the business’ innovation and understand identified risks to ensure the right controls are in place.
The team used the PSQs to serve as the baseline for data mapping activities, assessing both new technologies and legacy systems. This process helps Randstad’s privacy team understand the assets and applications linked to processing personal data.
Randstad also leverages OneTrust for its vendor selection process. Vendors receive a questionnaire through OneTrust to identify data protection policies and security incidents and understand risks related to the vendor.
The company also uses OneTrust technology to scan websites for tracking technologies, develop its cookie banner and maintain records of consent. OneTrust’s technology helped Randstad’s cookie banner stay on brand at a global level, but can also adjust for local needs such as consent type and language.
Evolving technology to meet the innovative business needs
With OneTrust, Randstad is able to empower its network of country DPOs to automate and manage privacy efforts at scale. They can leverage insights garnered in one country, and automate those processes in other areas regions for a truly comprehensive and global privacy program.
“The partnership we have with OneTrust makes the difference, not only on a company basis, but also with the people we work with.”Wouter-Bas van der VegtGlobal Data Protection and Information Security Officer
As the privacy landscape and global regulations are rapidly changing and evolving, Randstad is looking to take its EU GDPR efforts to more countries around the world. OneTrust helps Randstad keep up with privacy requirements as the business quickly evolves and becomes more digital. The privacy team is able to serve as a consultant for the business units as they deploy new technology, rather than a hindrance to innovation.
As the program grows and evolves, Randstad is confident that their partnership with OneTrust will continue to grow with their efforts.
“The reason we really love to work with One Trust is that they have great people that make the difference,” said van der Vegt. “They are available if you have any questions, struggling with issues or just listen to what you are trying to achieve. The partnership we have with OneTrust makes the difference, not only on a company basis, but also with the people we work with.”