- Medical Equipment & Supplies
- Australia Privacy Act
- Cookie Consent and Website Scanning
- Data Mapping Automation
- Data Subject Rights Management
- PIA & DPIA Automation
ResMed Creates a Healthy Global Privacy Program with OneTrust
ResMed pioneers innovative solutions that treat and keep people out of the hospital, empowering them to live healthier, higher-quality lives. Its cloud-connected medical devices transform care for people with sleep apnea, COPD and other chronic diseases, and our comprehensive out-of-hospital software platforms support the professionals and caregivers who help people stay healthy in the home or care setting of their choice.
By enabling better care, ResMed improves quality of life, reduces the impact of chronic disease and lowers costs for consumers and healthcare systems in more than 120 countries. Striving to change 250 million lives by 2025, ResMed manages various categories of personal data across sectors and jurisdictions, so data protection and privacy compliance is critical to continued success.
There are a lot of reasons you can have a poor night’s sleep. If you think it's related to a health condition, speak to your doctor about sleep apnea, they might be able to help you. If you're losing sleep worried about data privacy, speak with OneTrust, maybe they can help.Kevin ConollyGlobal Privacy Manager
Keeping up with the Pace of New Privacy Regulations
With wide-reaching data protection requirements under regulations like the GDPR, CCPA, ePrivacy, LGPD, and Australia Privacy Act, ResMed understands the importance of shifting their privacy program to account for global compliance.
“Privacy regulations have picked up momentum since the GDPR went into effect, and we want to build on our existing compliance efforts to prepare for new and impending regulations,” said Frederic Varnieu, Director of Privacy, Europe at ResMed.
“Our main challenge was developing a global strategy that adapts to fits our unique, industry-specific privacy compliance needs across business units,” added Elise Flori, ResMed’s Privacy Advisor.
Historically, ResMed’s privacy program was based off tools suitable for lower volumes of data, which made processes inefficient and time-consuming. ResMed instead needed a centralized privacy management platform that better aligned their efforts and accounts for ongoing regulatory updates.
“We were not looking for a tool that simply digitizes our pen-and-paper processes into a centralized database, but a highly configurable platform with multi-lingual capabilities that supports all areas of our organization,” said Varnieu.
Breathing Life into Strategic Data Protection Processes
ResMed evaluated several vendors in the privacy management technology space and ultimately landed on OneTrust for its Data Mapping Automation, Assessment Automation (PIA/DPIA), Data Subject Access Rights and Cookie Compliance tools.
Basically, we talk to our account manager, and soon after we have the new feature available in OneTrust.Frederic VarnieuDirector of Privacy, Europe
“The major benefit of OneTrust is the platform’s agility,” said Varnieu. “We can capitalize on the deep privacy research built into the tool and also customize the templated assessments and questionnaires to mirror our standard verbiage and adapt to our business processes and country-specific needs. This flexibility has been crucial to simplifying our global privacy compliance processes.”
ResMed began their implementation journey with OneTrust’s Data Mapping tool as the core module to manage their processing activities, and the moved on to implementing Assessment Automation. With Assessment Automation, ResMed can distribute privacy-related questionnaires to several project managers throughout the organization, so the task of answering is shared among many people. This process powers the privacy office with more accurate information as privacy is evangelized across business units in the organizations.
ResMed also uses OneTrust for its cookie banners and web compliance to automatically scan websites for cookies, create branded consent and preference banners, and auto-generate cookie list as part of their compliance strategy.
Additionally, ResMed implemented OneTrust’s Data Subject Access Request tool to manage incoming subject rights requests in a central roles-based access dashboard. “The Data Subject Requests tool has the look and feel of a ResMed tool.” said Kevin Conolly, ResMed’s Global Privacy Manager.
Today, OneTrust’s platform is used as a single source of truth for all operations involving personal data and privacy compliance. Additionally, ResMed’s security team saw value in OneTrust and has implemented the platform across their own business unit to simplify their security questionnaire process.
The major benefit of OneTrust is the platform’s agility. We can capitalize on the deep privacy research built into the tool and also customize the templated assessments and questionnaires to mirror our standard verbiage and adapt to our business processes and country-specific needs. This flexibility has been crucial to simplifying our global privacy compliance processes.Frederic VarnieuDirector of Privacy, Europe
Sleeping Easy with a Global Privacy Program Powered by OneTrust
As a company managing massive amounts of special categories of data across the world, ResMed has quickly cultivated a global privacy program and team with the help of OneTrust. ResMed attributes this success to OneTrust’s agile platform and rapid development cycle.
“Basically, we talk to our account manager, and soon after we have the new feature available in OneTrust,” said Varnieu.
Looking ahead, ResMed will be implementing OneTrust’s Consent Management solution and integrating the platform with their IT support team.
“The Consent module would allow ResMed to centrally automate and manage data subject consents across all of our businesses and geographies, and the databases that support them,” said Conolly.
Additionally, ResMed is looking at OneTrust’s Incident & Breach Response module to integrate IT support into OneTrust to enable employees to send a notification in event of an incident or a violation of personal data and notify relevant authorities of possible breaches within the GDPR’s 72-hour time frame.
“There are a lot of reasons you can have a poor night’s sleep. If you think it’s related to a health condition, speak to your doctor about sleep apnea, they might be able to help you. If you’re losing sleep worried about data privacy, speak with OneTrust, maybe they can help,” said Conolly.