New Risk Profile Capability Provides First-of-its-kind Automated Intelligence to Simplify Data Privacy Risk Management Analysis and Reporting


TrustArc, the leader in privacy compliance and data protection solutions, reinforces its position as a leader in operationalizing privacy compliance at scale with multiple feature enhancements to the TrustArc Privacy Platform.


The platform uniquely offers automated risk-management and privacy compliance workflows that integrate with existing business process systems so that organizations can efficiently manage risk and meet the obligations of global regulations, including the California Consumer Privacy Act (CCPA) and GDPR, at scale.


“Privacy expectations are growing. Global companies are embracing these heightened expectations by evaluating risk as it relates to global laws,” said Chris Babel, CEO, TrustArc.


“But the myriad of privacy regulations make it challenging to conduct risk assessments and operationalize privacy. We’ve updated the TrustArc Privacy Platform with new feature enhancements to simplify how organizations scale privacy compliance and manage the risks associated with that process.”


Platform Features Enable Automated Privacy Compliance at Scale


First-of-its-kind, the Risk Profile powers an automated, comprehensive view of risk that organizations incur as they operationalize privacy practices to meet the demands of global regulations.


Powered by the TrustArc Intelligence Engine, the Risk Profile automatically scores inherent and residual risk of various business activities. Privacy managers and business unit leaders can now access the risk information they need to know, when they need it, and in the right context. Together with the Privacy Profile, the Risk Profile creates a holistic view of privacy programs across all aspects of a business.


PrivacyCentral shows what laws apply to an organization and how to prioritize and manage compliance in a comprehensive way. The Risk Profile helps organizations understand their risk obligations as they relate to those different regulations.


    • Dashboard Widget: Using a simple scoring method, privacy managers and business leaders make a determination of how many risk factors are associated with any given business activity. With a high-level view and an ability to dive deep into risk factors, users get greater visibility into risk across their business — straight from the dashboard.
    • Risk Algorithm: The Risk Algorithm covers 40+ laws across the world. This intelligence helps companies identify high-risk business activities, determine the appropriate impact assessment, calculate the risk at the business activity level, and immediately understand overall organizational level risk.
    • Risk Evaluation Heat Map: Privacy leaders have full control to go deeper within any business activity level to further investigate risk. With an easy-to-use heat map, users can indicate the perceived inherent risk of a particular business process. Ultimately, this risk evaluation measures the inherent risk that provides the baseline for automatically calculated residual risk.
    • Dynamically Generated Impact Assessment Reports: Privacy owners can now manage privacy programs with the confidence that they have the right controls in place for risky systems and business activities. The risk algorithm streamlines users’ selection of an appropriate PIA. These assessments result in dynamic reports that can be used in executive meetings, audits, and other business reviews.


Data Inventory Hub enables companies to easily integrate with existing systems to identify and inventory data usage, create visual data flow maps, support DSAR / consumer rights requests, generate compliance reports, maintain audit trails, and much more.


New features include:


    • Configurable data elements, processing purposes, and data subjects, which allow companies to streamline the creation of data inventories and business processes while improving accuracy by eliminating end user error.
    • API integrations, including integrations with leading data discovery providers to dramatically simplify the process of creating and maintaining a data inventory or business process by integrating with existing sources of internal data.
    • Additional upload options, to simplify the process of building a data inventory.


The Platform Dashboard provides a centralized, configurable, extensive view of privacy programs and actionable insights to inform privacy program management. The Dashboard provides an extensive library of privacy and risk management widgets to quickly monitor KPIs for a wide range of compliance requirements.


New capabilities include:


    • Two new widgets to support individual rights/DSAR management by showing the number and type of opened and closed requests by location.
    • Another new widget to support consent management by providing information on consents over time in different locations and websites for different types of cookies.


Individual Rights Manager enables individuals to easily submit data subject access requests (DSARs) and companies to efficiently manage, evaluate and resolve requests within required timelines.


New features include:

    • Fully configurable request intake form including form fields, branding and language translations, to align with each customer’s unique business requirements.
    • Additional identity verification options of individuals with strong authentication. This provides companies flexibility to comply with various regulations while eliminating risk of mistaken or fraudulent identities.
    • Integration to third-party data sources, including data discovery tools and internal systems to streamline and automate fulfilling DSARs.
    • Customizable communication templates, which allow companies to tailor communications such as emails and pop-up windows to their specific needs.


Cookie Consent Manager is a powerful, flexible, proven solution to address cookie compliance. New features allow the Cookie Consent Manager to auto-detect if a website user is based in California or Nevada to serve the appropriate consent banner, a highly useful feature for CCPA compliance.