A more defensible privacy program, by default.
This quarter’s updates make GPC (Global Privacy Control) recognition on by default across core consent templates, introduces AI-summarised regulation comparison in Nymity Research, expands multilingual data subject request intake in Individual Rights Manager, refines compliance posture controls in PrivacyCentral, and new integrations programmatic assessment automation in Assessment Manager.
Unified consent and flexible scanning
Cookie Consent Manager Pro now honors consent choices across domains and all linked brand properties including both web and mobile for CCPA compliance. Consent is recognized and applied consistently, so users no longer need to re-consent across browsers or brand sites.
Consent scanning is also more flexible, with manual and scheduled scans now operating independently. Trigger a manual scan at any time without interrupting your automated schedule. Global Privacy Control (GPC) signal recognition is enabled by default across all standard templates so that any new implementations are compliance-ready from the start. Any new templates created by cloning a template will automatically inherit GPC settings. For existing templates, GPC recognition will activate on your life site after your next Publish action.
Smarter consent & preference forms
Enjoy faster setup and automatically display the latest fields for repeat users within Consent and Preference Manager. You can create Data Subject Types (e.g., Customer, Employee, or Vendor) directly inside the form builder without navigating away when configuring your form to prevent duplicates and ensure required fields. You can also save returning users time by mapping key fields (e.g., First Name, Last Name, Email, and Privacy Consent), when setting up a Data Subject Type, so those details are pre-populated when they return.
Sharper DSR form administration
Administrators have more oversight within Individual Rights Manager forms, including more visibility on configuration changes, more control over form behavior and a faster path to getting DSR intake forms up and running. In the new Activity Log, administrators can track every configuration change, including who made it and when. The log supports filtering, search, sorting, and CSV export making it easy to track changes.
Forms that include multi-select dropdown fields can also now have a maximum set by administrations, creating more consistency and finer control over forms. There is also a new Quick Action to support creating and publishing an DSR intake form in a guided step-by-step workflow including a live preview.
Evaluate your compliance globally
Continually assess and track your global compliance posture across 140+ standards in PrivacyCentral. Check out the latest additions to reduce your risk and proactively ensure your governance and compliance is in place:
- ISO 27001/2025
- South Africa POPIA Regulations
- India Cyber Incident Reporting Direction
- India Intermediaries IT Rules
- India Cyber Cafe IT Rules
- India Electronic Service Delivery Rules
- India Reasonable Security Practices and Procedures
- Vietnam Decree No. 356/2025/ND-CP
AI-powered comparisons, emerging technologies guidance, and more
Nymity Research now generates an AI-powered summary when you compare regulations across countries in the Topics comparison table, giving you an at-a-glance overview of key similarities and differences without manual cross-referencing. Whether you’re comparing cookie requirements across India, the UK, and Ireland or any other combination, the analysis is done for you.
Leverage new guidance on emerging technologies, refreshed operational templates, and an expanded law library:
- Three new Privacy Watch pages have been added to help your team stay ahead of fast-moving topics: Neural Technologies, Surveillance Pricing, and an update covering emerging regulatory interest in AI and automated systems. These pages provide focused, practical insight into areas attracting increasing regulatory scrutiny.
- Five new Core Concept pages have been added to the platform, covering Blockchain, Health Scribes, Age Assurance, Business Continuity and Disaster Recovery, and Data Localization vs. Data Sovereignty. These additions reflect areas where privacy obligations are evolving quickly and where organizations frequently need clear, accessible guidance.
- Operational templates for PMC 3 (Maintain Internal Data Privacy Policy) and PMC 5 (Conduct Privacy and Data Protection Training and Awareness) have been refreshed. For PMC 3, jurisdiction-specific templates have been consolidated into globally-oriented versions that better reflect current privacy obligations, with duplicative content removed and language updated to reflect today’s regulatory landscape. PMC 5 adds 14 new templates covering the full scope of privacy training and awareness:
- Key Considerations for a Comprehensive Employee Privacy Training Program
- Employee Training on the Use of Artificial Intelligence
- Privacy Training for Specific Job Requirements: Assessment and Delivery Checklist
- Checklist for Conducting Refresher Privacy Training
- Integrate Privacy Topics into Other Training Programs
- Training in Response to Timely Issues (Checklist)
- Considerations for Delivering a Privacy Newsletter
- Considerations for Maintaining an Internal Data Privacy Repository
- Engagement Strategies for Employee Privacy and Security Training
- Planning and Delivering a Privacy Awareness Event
- Measure Participation and Comprehension in Privacy Training Activities (Framework and Checklist)
- Considerations for Enforcing Privacy Training
- CPO/DPO Training and Development Framework
- Considerations for Maintaining Privacy Qualifications
Together, these updates mean your templates are better aligned with how modern privacy programs operate across borders.
- Topic pages for 20 jurisdictions have been updated across the two releases, including Canada (Quebec, Alberta, British Columbia), Indonesia, Colombia, Ghana, Oklahoma, and others spanning Africa, the Middle East, Latin America, and the Caribbean. Alabama’s new Consumer Privacy Act has also been added to the database as part of ongoing US state law tracking.
The law library has seen one of its largest recent expansions, with more than 25 pieces of new and updated legislation added across the two releases. Coverage spans the EU, Brazil, Chile, Ecuador, Egypt, El Salvador, Indonesia, Laos, Switzerland, Türkiye, the UK, and multiple US states including California, New York, Oklahoma, South Dakota, Utah, Washington, and Wyoming. Notable additions include the EU’s enforcement regulation for GDPR (Regulation 2025/2518), Brazil’s Digital Statute of Children and Adolescents, Egypt’s Personal Data Protection Law executive regulations, and a range of new US state laws addressing AI, deepfakes, student privacy, and digital content standards. Updated legislation for Kentucky, Utah, and Virginia consumer privacy acts is also now reflected.
More automation to your assessment workflows
New triggers are available for TrustArc Integrations to respond to assessment and assessment task status creation and changes. This includes tag activity, due date tracking, and answer-level auditing allowing you to:
- Automate workflows triggered by assessment tag additions or removals
- React to task due date changes in real-time for escalation and SLA workflows
- Capture answer-change events for audit trails and downstream data sync
To get started, create a new recipe in Integrations and select the relevant trigger from the TrustArc Assessment Manager connector event list.
