For many organisations, privacy compliance software has become an invaluable tool in crafting effective privacy programs that span multiple privacy laws and multiple regulators. This sort of complexity in obligation is quickly becoming the norm, with the GDPR requirements now considered to be the new floor for new privacy laws around the world.
There are three categories of privacy compliance software:
1) Legal Research Software
2) Privacy Office Support Software
3) Privacy Management Software
Nymity has recently released the 2018 Privacy Compliance Software Buyers Guide- an unprecedented look into each of these three types of software, developed to assist clients in choosing the right solution for their organisation.
In parts one and two of this blog series, we took a look at the first two categories: Legal Research Software, and Privacy Office Support Software. Today, in the conclusion of our series, we will examine the final category: Privacy Management Software.
When Should My Organisation Consider Privacy Management Software?
Privacy management software allows the privacy office to interact with the business directly through the use of automated questionnaires and expert systems. While privacy management software has been available on the market for many years, it’s only recently that industry innovations have given way to valuable new tools. Today, advancements in data visualizations, expert systems, business intelligence, and next generation reporting have led to greater levels of success for many companies currently implementing this type of software.
Generally speaking, privacy management software is best used by an organisation that has already implemented a privacy program, and is dealing with significant volumes or complexity of privacy management activities. Privacy management software is also best utilized in situations where there is a high level of engagement with the business. Scenarios where multiple individuals from multiple departments are adding to the software on a consistent basis are the most likely to reap the biggest value from this type of software solution.
Let’s take a look at the three most common types of privacy management software for the privacy office:
- Privacy Impact Assessment (PIA), and Data Protection Impact Assessment (DPIA) Software
- Data Mapping/Data Inventory Software
- Enterprise Assessment Software
1) PIA and DPIA Software
PIAs and DPIAs are risk assessment tools used to determine the factors that will need to be mitigated in performing certain privacy management tasks. Recent advances in PIA automation have led to innovative new approaches that increase efficiency and scalability. PIA and DPIA software typically contains the following basic functionality:
These surveys consist of standardized questions sometimes based on publicly available PIAs from regulators and other authorities. Some have threshold questionnaires to determine the likelihood of high risk processing, in which case further questions would need to be asked.
Workflows where individuals must approve an action based on risk, and a series of tasks that must be completed to mitigate damage.
PIA/DPIA software will typically rely heavily on the ability to define and predict risk, in order that it may be mitigated.
From here, new generation PIA/DPIA software solutions have added any number of the following functions:
- Auto-High Risk DPIA Triggers
- Auto PbD
- Regulator Reporting
- Benefits to Individuals
- Expert Systems
- Multiple Approval Functions
- Pre-Answered Questions
Nymity ExpertPIA™ provides a unique approach which is quick, simple and compliant. To learn more about this labour-saving technology, and its benefits for GDPR compliance, visit https://www.nymity.com/products/expertpia.aspx.
2) Data Mapping/Data Inventory Software
Data mapping for compliance is often driven by regulator reporting, requiring organisations to identify where data is collected and processed, the types of data and their subjects, and the legal grounds for data transfer. Within some jurisdictions, there is a legal obligation to produce a record of processing activities, in addition to a DPIA in the event of high-risk processing.
Data mapping solutions can accomplish all these tasks. Visualisations are a critical component of this type of software, allowing for easy identification of the above factors. Compliance data mapping software should support regulator inquiries, and any local regulator reporting.
Advanced time saving functions provided by some compliance data mapping software include:
- PIA/DPIA Integration
- Expert Content
- Expert Systems
- Data Subjects Rights Requests
- Data Breach Support
Nymity ExpertMapping™ is a simple, automated solution that turns data inventory into an outcome of detailed project reviews, perfect for maintaining the type of comprehensive and current internal records required by legislations such as the GDPR. To learn more, visit: https://www.nymity.com/products/expertmapping.aspx.
3) Enterprise Assessment Software
In years past, enterprise assessment software has presented little value following the initial questionnaire to determine readiness. Today, what is required is ongoing functionality. And in this respect, the key to enterprise assessment software is accountability: A structured approach to demonstrating the ongoing efficacy of a privacy program, implemented across an organisation.
In some cases, such accountability-based assessments are being conducted to satisfy a requirement in Binding Corporate Rules (BCRs). In other cases, they are being conducted to fulfill obligations in a US consent decree, privacy program governance, or even the GDPR.
New, innovative functionality that allows the enterprise assessment software to be used to demonstrate ongoing compliance includes:
- Historic Dashboard Visualisations
- Attestation-Based Platform
- Risk-Based Scalability
- Evidence-Based Approach
- Program-Based Evidence
- Legal Expert Systems
- PIA/DPIA Evidence and Reporting Integration
- Custom Reporting
- Flexible Assessments Timing
- Proactive Reminders
- Evidence Management
- Business Intelligence
Nymity Attestor™ is an enterprise assessment software solution that enables the privacy office to demonstrate ongoing accountability and compliance, generating quantitative metrics supported by evidence. For more information, visit https://www.nymity.com/products/data-privacy-management-solution.aspx.
Your Complete Source for Privacy Compliance Software Information
If your organisation is currently investigating which type of privacy compliance software will suit your specific needs, allow Nymity to assist you in finding the best solution. Our 2018 Privacy Compliance Software Buyers Guide contains detailed descriptions of all three categories of privacy compliance software: Legal Research Software, Privacy Office Support Software, and Privacy Management Software. It’s a key resource for any organisation seeking the ability to comply and report with confidence. The entire guide can be found here: https://info.nymity.com/2018-privacy-compliance-software-buyers-guide-gdpr-edition