LONDON, Sept. 7, 2017 /PRNewswire/ -- OneTrust, a
global leader in enterprise privacy management software that
supports compliance with data privacy regulations – including the
EU General Data Protection Regulation (GDPR) – today announces the
availability of a new suite of privacy management questionnaire
templates.
The templates include a Privacy Impact Assessment Pre-Screen
(PIA), a Data Protection Impact Assessment (DPIA), and a Records of
Processing (Data Mapping) template based on deep research and
regulatory guidance issued by EU Data Protection Authorities (DPA)
and the Article 29 Working Party (WP29).
The templates are available as part of the library of more than
30 privacy assessment templates included in OneTrust's
comprehensive privacy management software platform.
With the EU GDPR coming into effect on 25
May 2018, organisations must undergo significant operational
reform in how they handle personal data of customers, employees,
and vendors and in how they implement thorough record-keeping to
demonstrate compliance.
Privacy Impact Assessment (PIA) and Data Protection Impact
Assessment (DPIA) Requirements in Article 35 of GDPR
One of these operational requirements is the DPIA addressed in
GDPR Article 35, which states:
"Where a type of processing in
particular using new technologies ... is likely to result in a high
risk to the rights and freedoms of natural persons, the controller
shall, prior to the processing, carry out an assessment of the
impact of the envisaged processing operations on the protection of
personal data."
OneTrust's in-house privacy research team analysed and
incorporated guidance from well-respected EU regulator-based
sources and industry standards to create PIA and DPIA templates.
Instrumental sources include: Article 29 Working Party's group of
EU regulators, the German Standard Data Protection Model, the CNIL
PIA Manual & GDPR Toolkit, the UK ICO PIA Code of Practice, and
ISO/IEC 29134:2017 Guidelines for PIA.
Records of Processing (Data Mapping) Requirements in Article
30 of GDPR
A second significant operational and record keeping requirement
appears in GDPR Article 30:
"Each controller and, where
applicable, the controller's representative, shall maintain a
record of processing activities under its responsibility."
Although data inventory and mapping is not explicitly mentioned
in the GDPR, it is widely recognised that Article 30 requires an
organisation to conduct a data inventory and mapping exercise, and
most importantly, keep it up-to-date. In creating the Records of
Processing (Data Mapping) template to support this requirement,
OneTrust's research team incorporated available guidance including
the CNIL's GDPR Toolkit, the Belgian Privacy Commission's
Recommendation Concerning the Register of Processing Activities,
and many additional sources.
"The combination of deep privacy research paired with the
enterprise-grade configurability of the OneTrust solution continues
to make the OneTrust Privacy Management platform stand out in the
market for GDPR and privacy management software," said OneTrust CEO
Kabir Barday, CIPP/US, CIPP/E, CIPM,
CIPT. "Our global privacy team continues to conduct daily research
into the ever-changing regulatory environment and is committed to
offering the industry's leading, most comprehensive, and
easiest-to-use privacy management offering."
More than 100 regulators are expected to attend the
Hong Kong International
Conference of Data Protection and Privacy Commissioners from
25-29 September. OneTrust is a platinum sponsor of this conference,
and is hosting a workshop and social event in tandem with ICDPPC.
Registration is available online for both
events.
For more information, visit OneTrust or
email Info@OneTrust.com.
About OneTrust
OneTrust is a global leader in
enterprise privacy management software used by more than 1,500
organisations to comply with data privacy regulations across
sectors and jurisdictions, including the renowned EU General Data
Protection Regulation (GDPR).
OneTrust is among the most widely used global technology
solutions to implement a GDPR-based privacy compliance programme.
The comprehensive OneTrust platform helps organisations track the
full lifecycle of their personal data flows, analyse these data
flows against global regulations to understand risks, communicate
directly with customers, employees, and vendors to capture consent,
handle privacy-related requests, and respond appropriately in the
event of an incident.
The multi-lingual software is deployed in an EU cloud or
on-premise, and is based on a combination of intelligent scanning,
regulator guidance-based questionnaires, and automated workflows
used together to automatically generate the record keeping required
for an organisation to demonstrate compliance to regulators and
auditors.
OneTrust helps organisations implement the requirements of GDPR
including Data Protection by Design, Data Protection Impact
Assessments (PIA / DPIA), Vendor Management, Incident and Breach
Management, Records of Processing (Data Mapping), Consent
Management, ePrivacy Cookie Compliance, Data Subject Access,
Portability, and Right to Be Forgotten.
Backed by the founders of Manhattan Associates (NASDAQ: MANH)
and AirWatch ($1.54B acq. by VMware),
OneTrust is co-headquartered in London,
UK and Atlanta, GA with a
fast-growing global team of privacy and technology experts
surpassing 200 employees.
Media Contacts:
Kathryn Thompson
Public Relations
+1 (678) 978-2650
Media@OneTrust.com