Will Your Company Meet GDPR Requirements in a Sustainable Manner?

TrustArc Assessment Manager dashboard

No matter where you are in your journey to GDPR compliance, how you meet the requirements is very important.

With more than 200 pages and close to 100 different articles plus recitals, the EU GDPR introduces a broad range of privacy compliance requirements. Implementing your compliance roadmap after conducting a gap analysis will require implementing controls, measuring risk, and assigning tasks in a consistent, sustainable manner. While ad hoc processes and templates can create inconsistencies, using GDPR specific assessment templates will promote the consistency needed to meet the May 25th deadline and continue compliance beyond the deadline.

To help companies meet requirements in a sustainable manner, TrustArc has expanded its library of privacy assessments with the launch of over a dozen GDPR assessment templates available in the TrustArc Platform. Together, these assessments provide an automated and structured approach and methodology to translate complex privacy regulations into a streamlined review process.

Some key benefits include:

  • GDPR Focused: The assessments address GDPR requirements including Data Protection Impact Assessments (DPIA), Individual Rights, Legitimate Interests and Vendor Risk.
  • Automation for Sustainability: Powered by Intelligent Content, the assessments leverage automated functionality to make reporting faster and easier with capabilities such as gap analysis, risk calculations and remediation recommendations.
  • Expert Review: The GDPR Assessments were developed by TrustArc policy experts with the input and review from privacy regulators, external policy groups and law firms.

The TrustArc GDPR Assessment Library is part of the TrustArc Privacy Platform. Learn more here.

TrustArc GDPR Privacy Workshop & Webinar Series – 2018 Schedule

With less than five months to comply with the GDPR, the most sweeping change to data protection in the past 20 years, organizations in virtually every industry and geography are experiencing major challenges in meeting this deadline. In a recent IAPP survey measuring 500 privacy professionals’ perceived risk of not complying with the GDPR, U.S. and EU respondents ranked failure to prepare for the GDPR 72-hour breach notification, failure to conduct data inventory/mapping, and failure to obtain user consent as the top risk areas. To help mitigate GDPR compliance risks, enterprises list training employees on data protection and privacy, and investment in technology tools as the top action items.

To help companies address these risks and as a follow-up to the 2017 program which was filled to maximum capacity, we are offering another series of GDPR workshops and webinars to provide valuable training and education for businesses that must comply by the May 25th, 2018 deadline.  The GDPR workshops and webinars collectively attracted thousands of attendees in 2017 and will continue to feature expert instructors and focus on providing tips and best practices based on TrustArc’s proven methodology. The workshops and webinars are free of charge and attendees qualify for valuable CPE credits.

GDPR Workshops

Topics to be discussed in the workshops include: data mapping, records of processing activities, Article 30 and 35 reports, DPIAs, PIAs, individual rights management, GDPR HR data considerations, and GDPR technology solution and tool demonstrations.

2018 Schedule:

  • Silicon Valley: January 25
  • Dallas: February 1
  • London: February 8
  • Tampa: February 16
  • Atlanta: February 22
  • Salt Lake City: March 1
  • Boston: March 8
  • New York City: March 15
  • Chicago: March 22
  • Washington D.C.: March 29

GDPR Webinars

The webinars will focus on additional GDPR topics including marketing under the GDPR, appointing and supporting the DPO role, and incident response management. The complete list follows:

Privacy Insight Series Webinars – January-June, 2018 at 12 p.m. ET:

  • January 17: “Marketing Under the GDPR: What You Can and Cannot Do”
  • February 14: “Best Practices for Managing Individual Rights under the GDPR”
  • March 14: “Appointing and Supporting the DPO Role. What Tools Do You Need?”
  • April 18: “72 Hours’ Notice: Incident Response Management under the GDPR”
  • May 16: “One Week to Go – Are You Ready For May 25?”

For more information and to register:

  • GDPR Workshop Series, please click here.
  • GDPR Webinar Series, please click here.

Meet the TrustArc Privacy Experts Series – Paul Iagnocco


Paul Iagnocco
Senior Privacy Consultant

What drew you to privacy and how many years have you been in the privacy space?

Two things drew me to privacy. First, the “Internet of Things”; second, I have watched my children grow up with a lack of attentiveness to privacy in their personal lives – they’re so willing to share private details on social media, etc.  I realized that data is at the center of all of it, and I knew it was going to be a fascinating new future. Unchecked, data can have ramifications on personal privacy. I went to an IAPP conference where I realized there is a distinct body of knowledge in this area, and I have been hooked since then. This is my fourth year working exclusively in the privacy and data protection space.


Favorite GDPR Article and why

Article 12 – Transparent information, communication and modalities for the exercise of the rights of the data subject. Without openness and transparency, the rest is null and void, so to me, the most important aspect is telling individuals what you are doing to minimize the “surprise factor.” Being truthful and transparent lets people make informed decisions as to the value of what your company is doing with their data. The entire GDPR hinges on what a company is doing with the data and why.


One thing you’ve noticed that has changed about privacy since you’ve started

The volume and scale has increased significantly since when I first started. Initially, when I used to mention privacy, people would think about data breaches. Now, people are starting to see that the depth and breadth of the privacy space is very complex, beyond just a breach. I have worked in several different areas. When I was introduced to privacy I was in higher education, so I worked with FERPA. Then, when I started working in the technology space I focused more on data security and integrity matters. Next, I worked in marketing and looked at privacy from a B2B and B2C perspective. Finally, now I am looking at privacy from the operations perspective and implementing “privacy by design.”


Advice for new privacy practitioners

There is no right journey. Choose a couple areas to become an expert and then focus on those areas – you cannot tackle it all because the volume is too great. Change is happening very quickly and we are just beginning to see the tip of the privacy iceberg. For me, GDPR is going to become the tipping point that will ignite a behavior and awareness where privacy and data protections may not today. So jump in now. Once you have chosen the area to focus in on, gather as much experience as possible, and become a voracious reader. Learn through experience, networking with seasoned veterans and read.


As Kellogg’s first Chief Privacy Officer from August 2015 – January 2017, Paul was responsible for implementing a global privacy program that covers both consumer and employee privacy, including policies, procedures, contracts, assessments, training and education. In his prior 10 years at Kellogg, Paul served as senior director of global digital operations at Kellogg. In this capacity, he was responsible for identifying and leading the development and integration of marketing capabilities, including consumer product data initiatives, as well as corporate equity protection services around the globe. In addition, he has served as director for global digital strategy where he provided the vision and leadership in the building of a global digital marketing team, and as director of e-business where he was responsible for launching Kellogg’s initial e-commerce initiatives back in 2005.

Prior to joining the Kellogg Company, Paul was employed by Biggs|Gilmore agency in Kalamazoo, Michigan. There he co-created the Agency’s digital strategy discipline serving as senior digital strategist and digital account supervisor. In this capacity, he developed digital strategies and user experiences for Fortune 500 clients including, Brunswick Marine (consumer goods), Pfizer (healthcare), DuPont (automotive), Zimmer, Inc. (healthcare) and Kellogg’s (consumer packaged goods).

In addition to the above, he has served as director of Student Affairs Information Services (divisional CIO), and assistant dean of student life at Western Michigan University.

Paul has a secondary social studies teacher certification and Bachelor of Arts degrees in both Political Science and Public Administration from Western Michigan University.

TrustArc Helps Brands Demonstrate Regulatory Compliance & Build Trust

TrustArc - The New TRUSTe

In a recent article, DealCrunch provided a thorough review of TrustArc, its history, and the benefits it provides to clients. The following highlights are excerpts from that article.

In addition to helping clients around the globe meet certification requirements for frameworks such as Privacy Shield and APEC, the Assessment Manager module was introduced in 2015 to give companies a systematic way to check on the privacy implications of a certain action and then have the tools to respond. “It gives companies the ability to automate privacy risk assessments in-house,” said Dave Deasy, SVP Product & Marketing.

TrustArc Assessment Manager

As internet privacy and security come more into focus, the e-commerce industry has been subject to increasing regulatory compliance demands. Without a partner to help, many online companies can find themselves expending valuable resources on compliance.

The TrustArc Privacy Platform is technology that can solve those compliance woes, and, because it is constantly evolving to address new mandates and risks, it can help companies deal with future issues.

Through all the change that’s taken place in the online privacy assessment and management arena, and within TrustArc itself, one thing has remained: TrustArc’s commitment to helping brands back up what they say about data privacy.

To find out more about how TrustArc can help your organization prepare for the GDPR, speak to one of our privacy experts.


EBSCO Shows Commitment to Data Privacy through Privacy Shield Certification


EBSCO Industries, Inc. and its subsidiaries (EBSCO) have completed their certification for EU-US Privacy Shield, which is the international data transfer framework requiring that companies meet rigorous obligations to protect the personal data of Europeans. View EBSCO’s Privacy Shield certification here. It is monitored and enforced by the US Department of Commerce (DOC) and the Federal Trade Commission (FTC).

EBSCO’s certification demonstrates their commitment to consumer privacy and ensures that they transfer data in a safe way, in compliance with the Privacy Shield framework.

TRUSTe reviewed and verified that they comply with the EU-US Privacy Shield Framework; TRUSTe will also provide independent dispute resolution services to address privacy-related questions around customer data from users and ongoing access to privacy guidance.

“By working with TRUSTe, EBSCO is showing its commitment to protecting the privacy of its customers,” said Josh Torres, EBSCO’s Associate Counsel and Compliance Director. “This is one of many privacy and compliance initiatives at EBSCO, all being performed in an effort to ensure that our products and services directly and continually align with our core company values.”

Congratulations to EBSCO on its Privacy Shield Certification!

Find out more about TRUSTe Privacy Shield Solutions here: Privacy Shield

TRUSTe-EDAA Consumer Research wins IAB Europe Research Award


EDAA-TRUSTe Research mapping consumer attitudes and awareness of the European Self-Regulatory Programme for Online Behavioural Advertising (OBA), wins the IAB Europe Research Awards for the ‘Best Use of Research Budget’ category. This reflects that the joint industry effort in the Self- Regulatory Programme on OBA is making a real contribution to the development of the digital advertising industry and supports the strong value that the Programme provides to consumers, business and regulators alike. The European Advertising Consumer Research Index 2016 was carried out across 15 European countries and was conducted by Ipsos MORI, on behalf of the EDAA and TRUSTe from 04 – 20 November 2016 with more than 15,000 participants.

‘The research demonstrates, year on year, improvements in consumer recognition, understanding and favourability towards the tools provided by the EDAA to enhance choice and control over online, interest-based advertising in Europe, helping to build trust between consumers and the ad industry’ says Mathilde Fiquet, Vice-Chair at EDAA

The winners were announced on 23 May at the gala dinner held as part of IAB Europe’s Interact conference in Amsterdam.

Dave Deasy, SVP Marketing TRUSTe said, “we are excited to win the award and enjoyed working with EDAA on the research. The research demonstrates the Self-Regulatory Programme on OBA is providing consumers the level of privacy transparency and control they need and TRUSTe looks forward to continue providing technology and tools to support the Programme.” The IAB Research Awards are now in their seventh year and represent industry recognition for innovative research projects and the contribution they have made to the development of the digital advertising industry.

This is the second consecutive year that TRUSTe / EDAA research has been recognized for this award.

Access the full research report: European Advertising Consumer Research Report 2016.