TrustArc announced major updates to Nymity Awareness Tracker, the first compliance solution on the market to streamline contextual privacy awareness across an entire business. Privacy legislation such as the General Data Protection Regulation (GDPR) in Europe and the upcoming California Consumer Privacy Act (CCPA) in the US has elevated the visibility of privacy professionals in the corporate world. However, many still feel confused about which privacy rules apply to them and the teams they support. With the Nymity Awareness Tracker, employees can home in on areas of legislation that are relevant to their role and location and receive tailored updates that are easy to understand.
Awareness Tracker provides simple, one-stop access to privacy awareness learning, helping to reduce risk while increasing engagement, knowledge and accountability across an entire organization. With gamification elements designed to make privacy learning fun, its mission is to empower privacy champions at every level of the business.
Key benefits of the Awareness Tracker include:
- The ability to maintain awareness across the organization in a few minutes each week
- Engaging infographics and visuals to support the learning process
- The power to reward Privacy Champions with status as their knowledge improves
- Built-in user feedback to continually improve the content relevance by audience
- CPE credits
“Privacy compliance is complex, ever changing and can often seem overwhelming,” said Terry McQuay, TrustArc Vice President, Knowledge & Intelligence Solutions and Founder of Nymity. “Awareness Tracker makes privacy regulations and concepts easy to understand for business units whose primary responsibility is not privacy. Businesses need tools to help their teams navigate the ever-changing privacy legislative landscape. Awareness Tracker helps them do this, allowing businesses to empower Privacy Champions in an engaging and fun way.”
TrustArc recently announced the acquisition of Nymity.
The European Union’s (EU) General Data Protection Regulation (GDPR) is the most sweeping change to data protection in the past 20 years, and will go into effect in less than a year. Its impact will be felt by every organization that does business in the EU, or handles personal information of EU citizens in any manner.
We benchmarked the status of 200 U.S. companies’ efforts to meet privacy mandates in general, and in particular to meet the May 25, 2018 deadline for the GDPR. The survey was conducted by Dimensional Research on behalf of TrustArc.
On July 26, as the first webinar in the Summer/Fall TrustArc Privacy Insight Series, we had privacy experts talk about what they’ve been seeing as the causes behind some of the key statistics in our research.
The study results showed that 95% of organizations say that the need for technology to help manage privacy is growing. Why the shift from privacy being primarily a policy issue handled by the legal office toward privacy becoming an operational issue requiring sophisticated solutions to manage? Digital Accountability.
Now privacy is a business issue, and compliance requires the entire organization to participate. New requirements around things like Verifiable Consent, the Right to be Forgotten, and Privacy by Design touch departments such as marketing and product. Because accountability now goes beyond the legal team, organizations need solutions to verify and demonstrate that GDPR requirements are being met.
Results also demonstrated that 83% of organizations expect their GDPR spending to exceed $100,000. While larger organizations plan to spend even more, most organizations are prepared to spend a lot. The deadline is approaching fast and many organizations have a shortage of internal resources. Although the cost may seem high, companies can maximize their investment by taking an integrated approach in which all teams work together toward compliance. Additionally, ensuring that the technology used for compliance is integrated into a long-term plan will help get the most out of the investment.
You can read the full report or listen to the webinar on demand. If your organization needs help building, implementing, or demonstrating GDPR compliance, TrustArc offers solutions to help, no matter where your organization stands against the GDPR requirements. Contact us today.
The results of the TrustArc / Dimensional research report on the status of U.S. Privacy and GDPR Compliance Programs will be shared in a three-part blog post series:
- To review Part 1, the General Privacy Market Results, click here
- To review Part 2: GDPR Compliance Results, click here
- Part 3: Privacy Program Implementation Results
Companies report needing help in a wide range of areas, topped by GDPR planning, international data transfer, compliance reporting, conducting PIAs / DPIAs, and data inventory.
Many GDPR implementation plans begin with conducting a data inventory; however, companies face three common challenges when it comes to data inventory. The three challenges cited most by the privacy professionals surveyed were difficulty maintaining and updating privacy programs (57%), lack of appropriate tools and technology (56%), and lack of internal resources (54%).
50% of the respondents preferred dealing with outside vendors that could provide both tools and technology, together with process/legal expertise.
In terms of desired capabilities for third-party vendors, the most important by priority ranking were knowledge of the customer’s industry (48%) and years of experience (39%).
To download a copy of the TrustArc “Privacy and the EU GDPR” research report, click here.
Part 2 of our three-part series reviews results from the TrustArc / Dimensional research report on the status of U.S. Privacy and GDPR Compliance Programs.
- To review Part 1, the General Privacy Market Results, click here
- Part 3 will include Privacy Program Implementation Results.
- In Part 2 of this series, we will share the GDPR Compliance Results.
For all companies responding, approximately 40% are still designing their GDPR plan and only about 10% have GDPR plans well underway. Many companies have a significant amount of GDPR implementation ahead of them.
Responding companies have set aside relatively large budgets for GDPR compliance for 2017-2018. For all companies responding, the #1 budget amount cited was between $100,000 and $500,000 (42%), with the #2 budget cited between $500,000 and $1,000,000 (23%). GDPR compliance budgets of over $1 million accounted for 9% of small companies, 19% of mid-size companies and 23% of large companies.
Nearly 1 in 4 large companies plan to spend over $1 million on GDPR compliance.
GDPR investments will go to a wide range of initiatives including consultants, internal hiring, and additional technology and tools.
In Part 3 of this series, we will reveal program implementation results. To read the full results now, download a copy of the TrustArc “Privacy and the EU GDPR” research report.
While some organizations have written about the impending GDPR deadline and potential fines, or re-printed an exact copy of the text itself, TRUSTe has taken the 200+ pages of the GDPR and translated it into practical implementation steps for an organization of any size or maturity.
The implementation steps are grouped into five actionable phases:
- Building a Program and Team
- Assessing Risks and Creating Awareness
- Designing and Implementing Operational Controls
- Managing and Enhancing Controls
- Demonstrating Ongoing Compliance
A sample implementation step is developing a DPIA program, which includes creating templates, conducting DPIAs, managing remediation, and providing compliance reports.
The guide also includes references to specific articles, best-practice tips, and which stakeholders in your organization should be involved with each implementation step. Because involving stakeholders outside of the privacy office can sometimes require speaking the language of the department you are trying to engage, the guide also includes examples of how compliance can benefit various departments:
- Information Technology: identifying storage redundancies can reduce IT complexity and save IT dollars.
- Information Security: understanding what data reside in which systems can help Security prioritize their protection efforts and establish appropriate access controls.
- Operations: visualizing flows and uses of data throughout the company can help Operations identify redundancies and improve efficiencies.
- Procurement: identifying points at which the company shares information with third-party vendors and understanding the sensitivity of the data being shared can help Procurement take a risk-based, efficient approach to third-party management and contracts.
Tips like these will enable your organization to begin implementation items today. Everything you put in place ahead of the deadline will enhance your overall privacy program and further your efforts to minimize risk, ensure compliance, build trust, and protect your brand.
Get this GDPR Essential Guide to help you on your path to GDPR compliance.
If you need technology solutions backed by expert privacy consultants that can help your organization with its GDPR needs, contact us today to learn more.