“Our approach to privacy is two-fold,” said Renate Lang, Legal Counsel/Head Practice Group HR & Data Protection at Schindler. “As an employer it is imperative that we take care of the personal data and processing of our employees, and from a legal perspective we have to do everything we can to be compliant and help mitigate the risks for the company in terms of data protection.”

Mobilizing to an aligned privacy program

Prior to the GDPR, operating under the European Data Protection Directive, Schindler was managing their privacy program in different ways across all 28 EU member states. This made it difficult to streamline privacy across the company. Once the GDPR came into effect, it allowed Schindler to better align their approach to privacy, but they still faced challenges as a company operating at such a large global scale.

“We are too big of a company to work with excel files,” said Lang. “We needed a tool that is accessible from every level and allows us to see everything in our privacy program at once, something that is not only secure but easy to manage.”

As Schindler began to look for a tool to manage their global privacy compliance efforts, they evaluated multiple tools but found OneTrust was the best fit for their privacy program.

“We saw that OneTrust is a tool that we could roll out globally,” said Lang. “It was important to us to find a soft solution that can evolve and change with our privacy program, and we were able to find that with OneTrust.”

Manufacturing a localized approach to a global challenge

Schindler selected OneTrust for Assessment Automation (PIA/DPIA), Data Inventory & Mapping and Data Subject Rights Management for their global privacy compliance efforts.

OneTrust Data Inventory & Mapping provided Schindler a central location outside of excel files and paper for all data assets and maps within the company. Once they entered that inventory into the tool they were able to use it for new processing activities.

As an organization made up of more than 100 companies, it’s important to Schindler that data protection knowledge doesn’t stay at their headquarters, but is implemented at the local level. They built data processing centers in each European country that they operate, each with project owners with the knowledge to register the assessments for the processing activities that are taking place.

“One of the advantages of OneTrust is the ability to streamline compliance globally where it’s not just siloed to one department or one location,” said Lang. “My colleague in Germany can use it same as I can in Switzerland.

Lastly, the Schindler team is also working to fully customize their implementation of the Data Subject Rights Management tool to create automated workflows and continue to streamline global privacy compliance efforts.