Press Release

OneTrust Announces EU Regulator Guidance-Based Privacy Templates for GDPR Compliance

May 07, 2018

OneTrust, a global leader in enterprise privacy management software that supports compliance with data privacy regulations – including the EU General Data Protection Regulation (GDPR) – today announces the availability of a new suite of privacy management questionnaire templates.

The templates include a Privacy Impact Assessment Pre-Screen (PIA), a Data Protection Impact Assessment (DPIA), and a Records of Processing (Data Mapping) template based on deep research and regulatory guidance issued by EU Data Protection Authorities (DPA) and the Article 29 Working Party (WP29).

The templates are available as part of the library of more than 30 privacy assessment templates included in OneTrust’s comprehensive privacy management software platform.

With the EU GDPR coming into effect on 25 May 2018, organisations must undergo significant operational reform in how they handle the personal data of customers, employees, and vendors, and in how they implement thorough record-keeping to demonstrate compliance.


Privacy Impact Assessment (PIA) and Data Protection Impact Assessment (DPIA) Requirements in Article 35 of GDPR

One of these operational requirements is the DPIA addressed in GDPR Article 35, which states:

“Where a type of processing in particular using new technologies … is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.”

OneTrust’s in-house privacy research team analysed and incorporated guidance from well-respected EU regulator-based sources and industry standards to create PIA and DPIA templates. Instrumental sources include: Article 29 Working Party’s group of EU regulators, the German Standard Data Protection Model, the CNIL PIA Manual & GDPR Toolkit, the UK ICO PIA Code of Practice, and ISO/IEC 29134:2017 Guidelines for PIA.


Records of Processing (Data Mapping) Requirements in Article 30 of GDPR

A second significant operational and record-keeping requirement appears in GDPR Article 30:

“Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility.”

Although data inventory and mapping is not explicitly mentioned in the GDPR, it is widely recognised that Article 30 requires an organisation to conduct a data inventory and mapping exercise, and most importantly, keep it up-to-date. In creating the Records of Processing (Data Mapping) template to support this requirement, OneTrust’s research team incorporated available guidance including the CNIL’s GDPR Toolkit, the Belgian Privacy Commission’s Recommendation Concerning the Register of Processing Activities, and many additional sources.

“The combination of deep privacy research paired with the enterprise-grade configurability of the OneTrust solution continues to make the OneTrust Privacy Management platform stand out in the market for GDPR and privacy management software,” said OneTrust CEO Kabir Barday, CIPP/US, CIPP/E, CIPM, CIPT. “Our global privacy team continues to conduct daily research into the ever-changing regulatory environment and are committed to offering the industry’s leading, most comprehensive, and easiest-to-use privacy management offering.”

Click here to watch a video overview of the regulatory guidance incorporated in OneTrust’s privacy assessment templates.

More than 100 regulators are expected to attend the Hong Kong International Conference of Data Protection and Privacy Commissioners from 25-29 September. OneTrust is a platinum sponsor of this conference, and is hosting a workshop and social event in tandem with ICDPPC. Registration is available online for both events.

For more information, visit OneTrust or email


About OneTrust

OneTrust is a global leader in enterprise privacy management software used by more than 1,500 organisations to comply with data privacy regulations across sectors and jurisdictions, including the renowned EU General Data Protection Regulation (GDPR).

OneTrust is among the most widely used global technology solutions to implement a GDPR-based privacy compliance programme. The comprehensive OneTrust platform helps organisations track the full lifecycle of their personal data flows, analyse these data flows against global regulations to understand risks, communicate directly with customers, employees, and vendors to capture consent, handle privacy-related requests, and respond appropriately in the event of an incident.

The multi-lingual software is deployed in an EU cloud or on-premise, and is based on a combination of intelligent scanning, regulator guidance-based questionnaires, and automated workflows used together to automatically generate the record keeping required for an organisation to demonstrate compliance to regulators and auditors.

OneTrust helps organisations implement the requirements of GDPR including Data Protection by Design, Data Protection Impact Assessments (PIA / DPIA), Vendor Management, Incident and Breach Management, Records of Processing (Data Mapping), Consent Management, ePrivacy Cookie Compliance, Data Subject Access, Portability, and Right to Be Forgotten.

Backed by the founders of Manhattan Associates (NASDAQ: MANH) and AirWatch ($1.54B acq. by VMware), OneTrust is co-headquartered in London, UK and Atlanta, GA with a fast-growing global team of privacy and technology experts surpassing 200 employees.
