TrustArc Webinar: DPIA Compliance

  1. © 2023 TrustArc Inc. Proprietary and Confidential Information. Understanding the 3 Best Practices for DPIA Compliance
  2. Speakers: Paul Iagnocco, Customer Enablement Lead and Senior Privacy Consultant, TrustArc; Berta Balanzategui, European Senior Privacy & Data Protection Counsel, General Electric Company; Joanne Furtsch, Privacy Intelligence Development Director, TrustArc
  3. Legal Disclaimer: The information provided during this webinar does not, and is not intended to, constitute legal advice. Instead, all information, content, and materials presented during this webinar are for general informational purposes only.
  4. Agenda: What, Why, When…; Getting Started…; Know Your Data…; High-Risk Processing Activities Present?; Demonstrate Your Due Diligence…; How TrustArc Can Help?; Questions & Answers
  5. What, Why, When…
  6. Understanding Data Protection Impact Assessments. What… is a DPIA? A type of PIA with a focus on data protections. Designed to assess risk associated with processing activities posing a high risk to individuals. Why… a DPIA? Identify controls needed to address and reduce risk. Ensure appropriate data protections are in place to comply with GDPR. When… to use a DPIA? Processing activities present a high risk to individuals. Complete prior to engaging in high-risk processing activities.
  7. High Risk Processing of Personal Data – 10 Defined Conditions
  8. High Risk Processing of Personal Data – 10 Defined Conditions (cont.)
  9. Getting Started…
  10. Preparation. Risk Posture: Meet with business risk officer to understand “risk appetite” and “risk tolerance”; need to understand risk in the business culture, strategy and corporate governance. Identify internal/external S/PII processing: Start with internal functions that collect and process S/PII; need to identify those business functions that have been processing S/PII; need specifics. Format & Process: Determine if this is done using software or spreadsheets; once identified, communicate the process to key stakeholders.
  11. Know Your Data…
  12. Complete Data Inventory. Business Processing Activities & SMEs: Identify data flows, systems, and vendors; includes necessary information for completing a DPIA. Record: Information about the processing, data elements involved and level of sensitivity; systems and 3rd parties involved. Analyze: The origins and transfers of information; the inherent risk of the processing activity.
  13. High-Risk Business Processing Activities Discovered?
  14. High-Risk Processing Activities Present?
  15. Conducting a DPIA. Build DPIA Assessment: Develop and document DPIA methodology and process; identify tools necessary for completing DPIAs. Complete DPIA: Identify and engage stakeholders needed to complete DPIAs; create awareness and communicate process. Assess & Remediate: Determine type of assessment needed; manage and report on remediation activities and outcomes.
  16. Demonstrate Your Due Diligence…
  17. Be Prepared to Demonstrate. Reporting (data inventory & DPIAs): Need to determine who owns these; Data Inventory: need to complete GDPR Article 30 - ROPAs; DPIAs: need to complete GDPR Article 35. Current Efforts (workflows & revalidations): Need to determine who owns these; need to draft & implement workflows: data inventory, risk evaluation and DPIA; need to align on revalidations: frequency, updates. Centralized Privacy Impact Depository: Need to determine who owns this; store reports in a centralized location (shared drive); limit access to specific job functions.
  18. How TrustArc Can Help?
  19. Data Inventory Development. Data Inventory Hub: Build a data inventory and record of processing utilizing advanced collaboration features. Perform data mapping, export pre-built reports such as Article 30 or Business Process reports.
  20. Data Inventory Development (continued). Data Inventory Hub: For areas of your data record where you need human input, send out configurable forms via email.
  21. Data Inventory Development (continued 2). Risk Profile: Automatically score and evaluate privacy risk metrics on existing records including Systems, Vendors, Company Affiliates, and Internal Processes.
  22. Data Inventory Development (continued 3). Risk Profile: Generate automated follow-up actions for each record. Know when you need to conduct a DPIA/PIA or Vendor Assessment. Download and export automated company and vendor risk reports.
  23. DPIA Management. Assessment Manager: End-to-End assessment management solution. Launch PIAs, Vendor Assessments, and more. Automate reviewal, risk scoring, revalidation, notifications, action plan, and follow up tasks.
  24. DPIA Management (continued). Assessment Manager: Pre-Built Templates crafted by privacy experts and thought leaders, completely configurable in TrustArc’s Template Editor. Upload any assessment and begin automation today.
  25. DPIA Management (continued 2). Assessment Manager: Based on the responses to the questions… • Conditional Questions: Reveal new questions • Auto-Assessment: Assign a separate assessment • Early Exit: Auto-Approve and end the assessment • Approval Routing: Assign a specific approver • Assign Tasks: Auto assign tasks • Auto Emails: Auto assign emails • Risk Scoring: Auto assign risk per question. Save time with no human effort required! Most advanced assessment automation features on the market. Fully implement an assessment process that will automate the existing manual reviewal, risk calculation, and task delegation process.
  26. Thank You! See for the 2023 Privacy Insight Series and past webinar recordings. If you would like to learn more about how TrustArc can support you with privacy and data security compliance, please reach out to for a free demo.