Relevant GDPR Articles
- Article 25: Data protection by design and by default
- Article 35: Data Protection Impact Assessment
- Article 36: Prior Consultation
Operationalize Privacy by Design
Privacy Impact Assessments (PIAs) are essential in helping privacy professionals identify and guide the use of personal information across the organization. PIAs require tight collaboration between the privacy office and business leaders in order to address privacy-related regulatory requirements.
According to the EU General Data Protection Regulation (GDPR), data privacy must be considered in the initial design stage of a project, and organizations are responsible for putting in place the appropriate policies, procedures and systems to enable this ‘privacy by design’ approach. In the event a project is likely to result in a high risk to the rights and freedoms of data subjects, the GDPR requires a Data Protection Impact Assessment (DPIA) in order to meet compliance.
OneTrust helps operationalize privacy by design in order to comply with GDPR requirements. Our automated privacy impact assessments (PIAs) and data protection impact assessments (DPIAs) are designed to increase organization-wide adoption through role-based templates and self-service tools that are integrated into project lifecycles. All privacy projects across the organization are consolidated into a central dashboard for a complete record of data protection activities.
The process of creating, distributing and analyzing PIAs and DPIAs requires automation to efficiently achieve ‘privacy by design’ as an organizational reflex. OneTrust provides the most comprehensive library of customizable assessment templates, built by in-house privacy experts, which can be tailored to fit your specific organizational workflows.
Customize, Build or Import Templates
Get started by customizing one of our assessment templates, building a new template, or importing an existing template into OneTrust. Choose from over 20 available templates, including privacy impact assessments (PIA), vendor risk assessments, subject rights requests and data breach incidents. Our point-and-click UI makes building and customizing templates easy.
Streamline Privacy Workflows
Whether an assessment is initiated by the privacy office or the project leader, OneTrust allows you to define the end-to-end process from assignment to review and approval. Implement threshold assessments to determine if PIAs are necessary, and automatically escalate PIAs with high risk to DPIAs. Set even more granular conditions to automatically flag risks based on specific responses.
Building a network of privacy champions across the organization and empowering them with tools that integrate seamlessly within their project management lifecycles is critical. OneTrust helps drive organization-wide adoption of privacy impact assessments (PIAs) and increases accuracy of data collected through business-friendly language and tools.
Each business division, department or team has unique processes and systems. Once you’ve identified the most appropriate integration point for a privacy assessment, you can embed a link to the OneTrust self-service portal, enabling business users to generate PIAs as new projects arise.
Enable business users to start new projects and monitor the progress of their existing projects from any device, through our responsive self-service portal. As an administrator, you can define the type of assessments available, including assignment rules and permissions.
Incorporate business-friendly language and helpful tips into your assessment templates. This provides a more tailored experience for your business users, based on their department, role or location, and helps increase the accuracy of the data you’re collecting.
Third Party Collaboration
Share Projects with External Users
OneTrust makes collaboration with third parties easy by enabling you to share privacy projects with users outside of your organization. You can simply add an external user in OneTrust, assign them to a project and set a date for when their access to the self-service portal will expire.
Gap Analysis and Risk Remediation
Mitigate Business Risk
As PIAs are submitted to the privacy office, OneTrust automatically flags risks and provides recommendations for remediation. Risks are flagged using a configurable heatmap, which includes severity and likelihood. You can also manually flag risks and provide additional guidance on a project-by-project basis. Project-related evidence, activities and approvals are all stored within OneTrust.
Central Privacy Dashboard
Measure Business Impact
OneTrust gives you complete visibility into privacy projects across your organization. Better understand the sources of risk and measure the impact of your privacy program in mitigating these risks and protecting the privacy of your customers and employees.
Meet Regulatory Compliance
OneTrust helps you maintain a complete record of privacy program activities in order to demonstrate compliance with data protection regulations. You can export a full history report for any project conducted by the privacy team, and speed up internal and external audits.