TrustArc Webinar - Master Your Data Inventory And Meet Your ROPA Requirements
TrustArc
341 views
15 slides
Sep 26, 2024
Slide 1 of 15
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
About This Presentation
Are you collecting personal data as part of your business? Let’s face it. Most businesses today rely on some amount of personal data, whether it’s related to HR practices, employee relations, or generating leads for your sales team. Personal data is a key component in how many internal processes...
Slide Content
© 2024 TrustArc Inc. Proprietary and Confidential Information.
Master Your Data Inventory And
Meet Your ROPA Requirements
Master Your Data Inventory And
Meet Your ROPA Requirements
2
Legal Disclaimer
The information provided during this webinar does
not, and is not intended to, constitute legal advice.
Instead, all information, content, and materials presented during
this webinar are for general informational purposes only.
Legal Disclaimer
The information provided during this webinar does
not, and is not intended to, constitute legal advice.
Instead, all information, content, and materials presented during
this webinar are for general informational purposes only.
3
Speakers
Kristen Nosky
VP of Product Management
TrustArc
Deborah Nitka
Privacy Services Lead, Cybersecurity,
Technology Risk and Privacy
CohnReznick
Dominika Partelova
Global Data Protection Officer
Edgewell
Speakers
Kristen Nosky
VP of Product Management
TrustArc
Deborah Nitka
Privacy Services Lead, Cybersecurity,
Technology Risk and Privacy
CohnReznick
Dominika Partelova
Global Data Protection Officer
Edgewell
4
What is a data inventory?
Single source of truth of all the relevant data about the personal data an organization is processing.
Maps an organizationʼs data for compliance with regulations (e.g., GDPR and CCPA).
What personal data an organization:
-Collects
-Uses
-Publishes
-Modifies
-Vides
-Accesses
-Shares
-Stores
-Sells
-Deletes
Terminology clean-up: Data inventory/mapping (vs. ROPA) vs. data catalog?
What is a data inventory?
Single source of truth of all the relevant data about the personal data an organization is processing.
Maps an organizationʼs data for compliance with regulations (e.g., GDPR and CCPA).
What personal data an organization:
-Collects
-Uses
-Publishes
-Modifies
-Vides
-Accesses
-Shares
-Stores
-Sells
-Deletes
Terminology clean-up: Data inventory/mapping (vs. ROPA) vs. data catalog?
5
GDPR - Article 30
Article 30 requires all details of personal information collection, where itʼs
stored, shared, and used, and who is responsible for those data records. The
record of processing activities (ROPAs) must be in writing, including
electronic form.
Controllers and Processors are required to record the following activities:
●The name and contact details of the controller (and if applicable)
the joint controller, the controllerʼs representative, and the data
protection officer.
●The purposes of the processing
●A description of the categories of data subjects AND the
categories of personal data
●The categories of recipients to whom the personal data have been
or will be disclosed
●The legal basis for the specific processing activities
●Where applicable, transfers of personal data to a third country
including the identification of that third country and in the case of
transfers the documentation of suitable safeguards (adequacy)
●Where possible, the time limits for deleting the different
categories of data
●Where possible, a general description of the technical and
organizational security measures
Although there is no specific requirement to maintain a data
inventory in the CCPA, complying with the regulation for vendor
management is nearly impossible without a data inventory. The
requirements of the CPRA also necessitate a data inventory.
Businesses are required to record the following activities:
●The categories of personal information it has collected
about that consumer.
●The categories of sources from which the personal
information is collected.
●The business or commercial purpose for collecting, selling,
or sharing personal information.
●The categories of third parties to whom the business
discloses personal information.
●The specific pieces of personal information it has collected
about that consumer.
CCPA & CPRA - Section 1798.130
GDPR - Article 30
Article 30 requires all details of personal information collection, where itʼs
stored, shared, and used, and who is responsible for those data records. The
record of processing activities (ROPAs) must be in writing, including
electronic form.
Controllers and Processors are required to record the following activities:
●The name and contact details of the controller (and if applicable)
the joint controller, the controllerʼs representative, and the data
protection officer.
●The purposes of the processing
●A description of the categories of data subjects AND the
categories of personal data
●The categories of recipients to whom the personal data have been
or will be disclosed
●The legal basis for the specific processing activities
●Where applicable, transfers of personal data to a third country
including the identification of that third country and in the case of
transfers the documentation of suitable safeguards (adequacy)
●Where possible, the time limits for deleting the different
categories of data
●Where possible, a general description of the technical and
organizational security measures
Although there is no specific requirement to maintain a data
inventory in the CCPA, complying with the regulation for vendor
management is nearly impossible without a data inventory. The
requirements of the CPRA also necessitate a data inventory.
Businesses are required to record the following activities:
●The categories of personal information it has collected
about that consumer.
●The categories of sources from which the personal
information is collected.
●The business or commercial purpose for collecting, selling,
or sharing personal information.
●The categories of third parties to whom the business
discloses personal information.
●The specific pieces of personal information it has collected
about that consumer.
CCPA & CPRA - Section 1798.130
6
Why create a data inventory?
Cross Border Data Transfers: Understand the personal data
inflowing and outflowing from your organization.
Ensure Compliance: Comply with privacy laws or
regulations such as EU GDPR Article 30 or CCPA Section
1798.130.
Data Controls: Allow your IT and InfoSec team to implement
necessary measures to secure and protect these data
throughout their lifecycle.
Why create a data inventory?
Cross Border Data Transfers: Understand the personal data
inflowing and outflowing from your organization.
Ensure Compliance: Comply with privacy laws or
regulations such as EU GDPR Article 30 or CCPA Section
1798.130.
Data Controls: Allow your IT and InfoSec team to implement
necessary measures to secure and protect these data
throughout their lifecycle.
7
How do I assess current state?
Mastery Question
??????
How do I assess current state?
Mastery Question
??????
8
What processes and goals do I put in
place?
How do I address IT/IS requirements?
Mastery Question
??????
What processes and goals do I put in
place?
How do I address IT/IS requirements?
Mastery Question
??????
9
How do I maintain it?
Mastery Question
??????
How do I maintain it?
Mastery Question
??????
10
––
How do I sell and get stakeholder buy-in
with a ROPA/data inventory internally?
Mastery Question
??????
??????
––
How do I sell and get stakeholder buy-in
with a ROPA/data inventory internally?
Mastery Question
??????
??????
Governance SuiteRecord Exchange
Solution:
●Utilize a library of 800+ pre-populated records across
systems, third party records, and popular business
processes so you can build your ROPA automatically and
accurately
Key Benefits:
●Reduce the time spent on creating new records
●Expedite ROPA efforts, achieving compliance faster
●Reduce the time and effort required for maintaining your
vendor records
Solution:
●Utilize a library of 800+ pre-populated records across
systems, third party records, and popular business
processes so you can build your ROPA automatically and
accurately
Key Benefits:
●Reduce the time spent on creating new records
●Expedite ROPA efforts, achieving compliance faster
●Reduce the time and effort required for maintaining your
vendor records
Third Party Discovery
Solution:
●Effortlessly identify third-party vendors by scanning
your organizationʼs websites to find those in use
●Automate record creation as identified records are
automatically created and populated with details on your
Third Party Discovery page
●Keep your records up-to-date with recurring scans every
six months, adding new records and removing those no
longer found on your websites, provided they haven't
been added to your inventory
●Stay informed with email and in-app notifications
when new records are added to your Third Party Discovery
page
Key Benefits:
●Save time with automatic discovery and identification of
third-party vendors
●Ensures accurate for compliance
Governance Suite
Solution:
●Effortlessly identify third-party vendors by scanning
your organizationʼs websites to find those in use
●Automate record creation as identified records are
automatically created and populated with details on your
Third Party Discovery page
●Keep your records up-to-date with recurring scans every
six months, adding new records and removing those no
longer found on your websites, provided they haven't
been added to your inventory
●Stay informed with email and in-app notifications
when new records are added to your Third Party Discovery
page
Key Benefits:
●Save time with automatic discovery and identification of
third-party vendors
●Ensures accurate for compliance
Governance Suite
Governance SuiteAI Record Creation
Solution:
●Utilize our AI Record Creation tool to
automatically create and populate the details for
System and Third Party Records
●Use AI Autofill by simply entering the name of a
Third Party or System Record and populate the
remaining details with a single click
Key Benefits:
●Save time with automatic discovery and
identification of third-party vendors
●Quickly obtain the information required for a
ROPA
Solution:
●Utilize our AI Record Creation tool to
automatically create and populate the details for
System and Third Party Records
●Use AI Autofill by simply entering the name of a
Third Party or System Record and populate the
remaining details with a single click
Key Benefits:
●Save time with automatic discovery and
identification of third-party vendors
●Quickly obtain the information required for a
ROPA
14
INTERNAL ONLY
Partnership TrustArc Solutions
Data Discovery
TrustArcʼs partnership strategy
utilizes a variety of data discovery
techniques, providing you with a
flexible suite of data discovery
options and solutions based on
your organizational needs.
Data Mapping & ROPA Automation
Record Exchange
Pre-populated with over 800 of the
most popular systems, third party
records, and business processes,
you can easily add records to your
own inventory/ROPA in a single
click.
Third Party Discovery
Simplify data inventory creation
with automated webinar
scanning and adding of
third-party vendors to your
inventory/ROPA, accelerating
your compliance efforts.
AI Autofill
Leverage AI to autofill details on
your records, reducing manual
data entry while improving
accuracy of data records.
Integrations
Use our third party connector
library to automatically create
third party and system
records, from any vendor in
your tech stack.
COMING SOON
Governance Suite
INTERNAL ONLY
Partnership TrustArc Solutions
Data Discovery
TrustArcʼs partnership strategy
utilizes a variety of data discovery
techniques, providing you with a
flexible suite of data discovery
options and solutions based on
your organizational needs.
Data Mapping & ROPA Automation
Record Exchange
Pre-populated with over 800 of the
most popular systems, third party
records, and business processes,
you can easily add records to your
own inventory/ROPA in a single
click.
Third Party Discovery
Simplify data inventory creation
with automated webinar
scanning and adding of
third-party vendors to your
inventory/ROPA, accelerating
your compliance efforts.
AI Autofill
Leverage AI to autofill details on
your records, reducing manual
data entry while improving
accuracy of data records.
Integrations
Use our third party connector
library to automatically create
third party and system
records, from any vendor in
your tech stack.
COMING SOON
Governance Suite
15
Thank You!
Thank You!
Download
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 341
- Slides 15
- Age 431 days
Related Slideshows
1
MGV Residential Design projects for different clients, including a New Mexico Adobe project-1-.pdf
mannyvesa
26 views
16
EUNITED_Advocacy and Public Engagement through Visual Media
GeorgeDiamandis11
30 views
31
DESIGN THINKINGGG PPT 2 TOPIC IDEATION.pptx
HibaZaidi2
24 views
36
DESIGN THINKING CHAPTER 1 PPTT PPT 1.pptx
HibaZaidi2
27 views
112
Hinduism and Its History - PowerPoint Slides.pptx
ConorMcCormack10
23 views
20
Service Attributes of Manufactured Parts.pptx
MustafaEnesKrmac
24 views