TrustArc Expands Data Privacy Platform to Automate and Simplify Management of Privacy and Third-Party Risk

Copy of RP Blog

TrustArc has announced a significant expansion to the TrustArc Privacy Management Platform that simplifies and automates the process of managing privacy and data risk across the entire organization. Delivered through TrustArc’s Risk Profile, the new capabilities provide a comprehensive view of risk across company processes and third-party systems and generate automated, actionable business insights. 

Risk Profile is unique in its ability to bring together considerations with respect to privacy, data-related, and third party risk, and how to manage a privacy program. To do this, Risk Profile reviews data and records a company processes, whether internal or from third-parties. It then provides an immediate, continuous evaluation of company risk in accordance with specific laws and corresponding mitigation recommendations. New capabilities of the Risk Profile include:

  • Automated and comprehensive view of risk across third-party data and internal processes as it pertains to more than 130 laws globally;
  • Through a dynamic dashboard with drill-down capabilities, an aggregate view of privacy risk across all systems, vendors, partners, and business activities for simple and holistic management and operations; 
  • Extension of TrustArc’s Risk Algorithm library 5-fold to nearly 1800 rules across 130 countries; and,
  • Simple visualization of risk factor distribution across regions and countries.

These features make it easier for organizations to: identify high-risk business activities tied to data use  within their company, detect and prioritize third-party risk, conduct the appropriate risk evaluations, calculate the risk at the business-activity level, aggregate risk across the company, and allow stakeholders to quickly align around risk-mitigation priorities. 

“TrustArc is the only company that offers a fully automated privacy platform with the depth of privacy intelligence required to navigate today’s complicated regulatory environment and unpredictable business challenges,” said Chris Babel, CEO, TrustArc. “The new capabilities of the Risk Profile provide a simplified view of risk obligations to facilitate quick business decision making. These critical new features further cement customers’ ability to develop a holistic and scalable privacy program.”

To learn more about the TrustArc Risk Profile, read the solutions brief or schedule a demo today. TrustArc will also be hosting a webinar on “Third-Party Risk Management: How to Identify, Assess & Act” on 5/20. Register here.



TrustArc Platform Enhancements Automate Risk Management and Privacy Compliance for CCPA, GDPR

11 12 Blog 1

TrustArc reinforces its position as a leader in operationalizing privacy compliance at scale with multiple feature enhancements to the TrustArc Privacy Platform. The platform uniquely offers automated risk-management and privacy compliance workflows that integrate with existing business process systems so that organizations can efficiently manage risk and meet the obligations of regulations around the globe, including the California Consumer Privacy Act (CCPA) and GDPR, at scale.

“Privacy expectations are growing. Global companies are embracing these heightened expectations by evaluating risk as it relates to global laws,” said Chris Babel, CEO, TrustArc. “But the myriad of privacy regulations make it challenging to conduct risk assessments and operationalize privacy. We’ve updated the TrustArc Privacy Platform with new feature enhancements to simplify how organizations scale privacy compliance and manage the risks associated with that process.”

Platform Features Enable Automated Privacy Compliance at Scale

First-of-its-kind, the Risk Profile powers an automated, comprehensive view of risk that organizations incur as they operationalize privacy practices to meet the demands of global regulations.

Powered by the TrustArc Intelligence Engine, the Risk Profile automatically scores inherent and residual risk of various business activities. Privacy managers and business unit leaders can now access the risk information they need to know, when they need it, and in the right context. Together with the Privacy Profile, the Risk Profile creates a holistic view of privacy programs across all aspects of a business. The Privacy Profile shows what laws apply to an organization and how to prioritize and manage compliance in a comprehensive way. The Risk Profile helps organizations understand their risk obligations as they relate to those different regulations.

  • Dashboard Widget: Using a simple scoring method, privacy managers and business leaders make a determination of how many risk factors are associated with any given business activity. With a high-level view and an ability to dive deep into risk factors, users get greater visibility into risk across their business — straight from the dashboard.
  • Risk Algorithm: The Risk Algorithm covers 40+ laws across the world. This intelligence helps companies identify high-risk business activities, determine the appropriate impact assessment, calculate the risk at the business activity level, and immediately understand overall organizational level risk.
  • Risk Evaluation Heat Map: Privacy leaders have full control to go deeper within any business activity level to further investigate risk. With an easy-to-use heat map, users can indicate the perceived inherent risk of a particular business process. Ultimately, this risk evaluation measures the inherent risk that provides the baseline for automatically calculated residual risk.
  • Dynamically Generated Impact Assessment Reports: Privacy owners can now manage privacy programs with the confidence that they have the right controls in place for risky systems and business activities. The risk algorithm streamlines users’ selection of an appropriate PIA. These assessments result in dynamic reports that can be used in executive meetings, audits, and other business reviews.

Data Inventory Hub enables companies to easily integrate with existing systems to identify and inventory data usage, create visual data flow maps, support DSAR / consumer rights requests, generate compliance reports, maintain audit trails, and much more. New features include:

  • Configurable data elements, processing purposes, and data subjects, which allow companies to streamline the creation of data inventories and business processes while improving accuracy by eliminating end user error.
  • API integrations, including integrations with leading data discovery providers to dramatically simplify the process of creating and maintaining a data inventory or business process by integrating with existing sources of internal data.
  • Additional upload options, to simplify the process of building a data inventory.

The Platform Dashboard provides a centralized, configurable, extensive view of privacy programs and actionable insights to inform privacy program management. The Dashboard provides an extensive library of privacy and risk management widgets to quickly monitor KPIs for a wide range of compliance requirements. New capabilities include:

  • Two new widgets to support individual rights/DSAR management by showing the number and type of opened and closed requests by location.
  • Another new widget to support consent management by providing information on consents over time in different locations and websites for different types of cookies.

Individual Rights Manager enables individuals to easily submit data subject access requests (DSARs) and companies to efficiently manage, evaluate and resolve requests within required timelines. New features include:

  • Fully configurable request intake form including form fields, branding and language translations, to align with each customer’s unique business requirements.
  • Additional identity verification options of individuals with strong authentication. This provides companies flexibility to comply with various regulations while eliminating risk of mistaken or fraudulent identities.
  • Integration to third-party data sources, including data discovery tools and internal systems to streamline and automate fulfilling DSARs.
  • Customizable communication templates, which allow companies to tailor communications such as emails and pop-up windows to their specific needs.

Cookie Consent Manager is a powerful, flexible, proven solution to address cookie compliance. New features allow the Cookie Consent Manager to auto-detect if a website user is based in California or Nevada to serve the appropriate consent banner, a highly useful feature for CCPA compliance.

Learn more about TrustArc privacy solutions here.


TrustArc Announces New Privacy Platform Enhancements

New Privacy Platform Enhancements

TrustArc has announced several exciting enhancements to our Privacy Platform! These new capabilities will help companies better manage their privacy programs.

The Privacy Platform helps provide end to end privacy management through a series of modules designed to address a wide range of privacy functions, including data inventory and mapping; privacy risk assessments; consent management; and individual rights and data subject rights requests.

The new privacy assessments include:

  •        Inherent Risk
  •        DPIA Controls
  •        Consent
  •        Legitimate Interests
  •        Right to Object
  •        Third Party Risk
  •        International Data Transfer
  •        Automated Decision Making

These new assessments feature a revolutionary modular design that intelligently matches the assessments to the unique requirements of a business in real time, significantly reducing the amount of time required to complete the compliance review process. Developed by TrustArc privacy experts in conjunction with input from leading privacy organizations, the assessments include remediation guidance to address any identified gaps.

Along with these assessments, the Assessment Manager module of the platform now includes a comprehensive, highly visual GDPR Article 35 DPIA report that contains:

  •        Risk heat map
  •        Controls effectiveness score
  •        Inherent risk
  •        Residual risk
  •        Summary of processing purposes and data types

The report is intelligently calculated, assembled from various data sources, and exportable into a PDF format, which can be easily shared with internal stakeholders and regulators.

To see these new enhancements and learn how they can help your company manage privacy compliance, click here.

New Analyst Report on Using Technology Platforms to Manage Privacy

GRC 2020 report imagev2 copy

Michael Rasmussen of GRC 20/20 Research has been noted as the “Father of Governance, Risk, and Compliance (GRC)” – being the first to define and model the GRC market in 2002 while at Forrester. In this new report, he explores the challenges organizations face when complying with privacy regulations such as the EU GDPR.

Privacy is a highly dynamic, moving target that requires compliance management to identify and mitigate the compliance, brand, and business risks associated with processing personal data. Accordingly, organizations need an integrated collaborative process and technology architecture that can span distributed privacy and business functions. They also need situational privacy awareness across operations, processes and relationships.

The report advises that due to the increasing complexity of the regulatory landscape, manual and ad hoc privacy management approaches have become unsustainable. Further, existing enterprise GRC solutions can be too broad or lack the depth of privacy content and process needed in the organization. A technology platform designed for enterprise-wide privacy compliance is the solution.

The report includes a review of the TrustArc Privacy Platform as a solution that has the agility to manage privacy in a dynamic environment. The report is based in part on interviews with TrustArc clients and notes that “TrustArc has a significant installed base for privacy GRC across a range of geographies and industries”. The report concludes that:

“[ TrustArc clients] consistently state that TrustArc has dramatically improved the quality of their privacy compliance and risk information and their ability to report on compliance… Across these clients, there is consistent praise for the value in the ongoing cost of ownership … with improved effectiveness and agility to reliably achieve objectives while reducing uncertainty and risk.”    

For more information on the “Agility in Managing Privacy in Dynamic Environments” report, contact us or download the report here.

TrustArc Platform Receives Two Industry Accolades


The TrustArc Platform has received two new industry accolades, further confirming it as a leading governance, risk and compliance solution for privacy, security and risk management.

First, the TrustArc Platform is a 2018 International Business Awards Stevie® Gold Winner in the category of “Best GRC Solution”. The 2018 IBA Awards received entries from 74 nations and territories. More than 3,900 nominations from organizations of all sizes and in virtually every industry were submitted this year for consideration in a wide range of categories. “This year’s Stevie Award winners in the IBAs are the most distinguished group of winners we’ve had yet,” said Michael Gallagher, president and founder of the Stevie® Awards.

In addition, the TrustArc Platform has been named a Finalist in the 2018 SaaS Awards in the category of “Best Security Innovation in a SaaS Product”. SaaS Awards and Cloud Awards organizer Larry Johnson said, “All entrants demonstrated considerable commitment to innovation in software solutions, and to make the shortlist itself is a huge achievement. With such a concentrated level of success in the shortlist, our judges have a significant task ahead of them to arrive at our final award winners.”

Chris Babel, CEO of TrustArc, announced the two accolades in a press release, stating “We are honored to receive these award recognitions for our flagship SaaS privacy management platform. Our technology is constantly evolving in tandem with the rapidly-changing regulatory landscape to enable our customers to meet challenges and scale their compliance with global regulations such as the EU GDPR, EU–US Privacy Shield and APEC CBPR.”

For more information about the TrustArc Data Privacy Management Platform, please visit:

TrustArc Announces GDPR Validation

GDPR Validation Monitor


While GDPR Articles 40-43 contain provisions outlining certification programs and codes of conduct that may be established in the future, companies are seeking efficient, independent ways to benchmark and report on their compliance efforts now. The TrustArc GDPR Validation is designed to meet that need.  

In a press release announcing the launch of GDPR Validation, Chris Babel, CEO of TrustArc, stated that “TrustArc is leveraging its decades of privacy certification leadership and experience to provide a GDPR validation solution that can help companies meet the needs of their customers, partners and other stakeholders — now and after the May 25 deadline to comply”.

The Validation Requirements are mapped to each applicable Article of the GDPR, Article 29 Working Party guidelines, ISO 27001 and other relevant standards. Companies choosing the GDPR Validation can demonstrate their GDPR compliance efforts and status using intelligent technology-powered assessments, managed services and independent compliance validation.

Validation scope options include:

  • Program Validation for a company-wide GDPR program, and/or
  • Practices Validation for specific GDPR-impacted processes and technologies.

The solution is powered by  the Assessment Manager module of the TrustArc Platform to simplify the process of managing the assessment, identifying gaps, reviewing remediation recommendations, assigning tasks, recording the audit trail of changes, and generating reports.

For more information on the TrustArc GDPR Validation, please contact us.