- Banking, Finance & Financial Services
- Data Mapping Automation
- Incident & Breach Management
- PIA & DPIA Automation
- Vendor Risk Management
Smart Pension Takes an Integrated Approach to Privacy Compliance with OneTrust
Smart Pension is a workplace pension platform tailored to support UK businesses faced with the challenges of providing workplace pensions. The company combines pensions and administration expertise with innovation and technology to simplify and streamline the process, making it almost frictionless for business owners to manage their workplace pension and to provide a contemporary customer experience for their employees.
With customer trust a top priority for the Smart Pension team, they understand that having a secure system for the way they process data is extremely important.
“Being able to provide the evidence to both partners and regulators that we are looking after customer’s data the right way is essential,” said Richard Barber, Data Protection Officer (DPO) at Smart Pension. “This is not only from a compliance standpoint, but it is crucial that our customers know we are managing their data safely and securely.”
Finding technology to balance innovation with data protection
In an industry that handles a great deal of personal information, ensuring ongoing compliance with the EU GDPR requirements was a vitally important task for the business. For one, Smart Pension is in a phase of rapid growth, so when getting ready for GDPR, it was crucial to achieve compliance while not inhibiting current business innovations and product growth.
Another challenge came from the company structure itself: Smart Pension is a processor, a sub processor, controller and/or a vendor as it rolls out its technology platform to other pension providers. This unique structure added to the complexity when approaching GDPR compliance efforts, and the firm proactively sought out specialist technology to help it balance this structure while ensuring data protection.
As Smart Pension began to search for a future proof solution to ensure ongoing compliance with GDPR, it was important to use a tool that would enable Smart to quickly document the data flows through processes, assets and vendors.
“When we were looking at the different tools that were available, OneTrust’s integrated approach made it stand apart,” said Barber. “That’s one of the main reasons we selected a full suite of OneTrust products, because they are all able to seamlessly work together, removing the need to enter the same data repeatedly, for example.”
A one-stop shop with OneTrust
Smart Pension faced the challenge of the new GDPR regulations head on with OneTrust, implementing a full suite of products including Assessment Automation, Data Mapping Vendor Risk Management and Incident & Breach Response. “OneTrust was a real one stop shop for us,” said Barber. “They were able to help us address all of our needs, while being cognizant of our unique business model and processes.”
OneTrust’s Assessment Automation powers the Smart Pension privacy team to roll out a tool to the business that enables employees to do many assessments themselves. This transitioned their business to where ownership of privacy was something that all the different departments within the business see as a key part of their role, embedding best practice across the business.
With OneTrust’s Data Mapping solution, Smart Pension has a centralised resource for understanding where data exists and flows throughout the company. As databases and processes change, updates can be made dynamically into the OneTrust platform, versus keeping processes updated in manual formats like word documents and excel sheets.
OneTrust’s Vendor Risk Management tool gives Smart Pension the appropriate oversight and mechanisms to assess vendors. Smart Pension was able to use Vendor Risk Management to assess vendors and create data assets and processing activities, making it quick for them to understand the data flow within the business.
“Being able to show that OneTrust is our core system was a huge help to us, and takes us well and above just meeting minimum compliance,” said Barber. “We were able to give confidence that we had the right protocols in place related to assets and processing activities, making us a company that any vendor would be happy to work with.”
Smart Pension also leverages OneTrust for an Incident & Breach Assessment workflow. It is a priority for the Smart Pension team to ensure that any events are logged and correctly, so Smart can quickly provide proper documentation to the Information Commissioner’s office (ICO), if needed.
“With OneTrust we are able to roll out the Incident & Breach tool to the entire company,” said Barber. “This imbeds a good data management culture and control within the company and means that people take ownership of data-related issues.”
Building data protection into the DNA of the company
In the process of integrating the OneTrust platform throughout the entire company, Smart Pension is looking to the future to establish data protection as an integral part of each employee’s role, ensuring that privacy is being looked after for all of their data subjects.
“The OneTrust platform is already impressive, and it is continuously improving and evolving,” said Barber. “The knowledgeability of the staff is unparalleled, and expert consultants are always available and willing to help.”
© 2019 OneTrust, LLC. All Rights Reserved.