Xanadu |
- Personal Data Rights
- Use the Personal Data Rights application that provides configurable workflows to manage and automate personal data rights requests efficiently, reducing the risk of non-compliance. The Personal Data Rights application enables customers to efficiently manage and fulfill Data Subject Access Requests (DSARs), consumer rights requests, and so on, ensuring compliance with privacy regulations. The application helps organizations to handle requests related to the personal data rights of their consumers while ensuring that employees can maintain data protection standards globally.
- Create data lineage
- Establish a data lineage to understand how data is being consumed and shared in a given processing activity. Creating a data lineage also helps you to understand and manage the associated risks for the data being shared.
This feature provides a visual representation of data lineage or hierarchy.
- Create a regulatory agency
- Create regulatory agencies in the Privacy Workspace to identify the relevant regulatory authorities that are responsible for overseeing the businesses in the public interest. The centralized library consolidates all regulatory communication via emails.
- Collaborate and chat with cross-functional teams for processing activities, privacy cases, privacy assessments, and personal data rights requests
- Initiate quick discussions with key stakeholders while working on a processing activity, privacy case, or a personal data rights request. The chat feature is integrated with Microsoft Teams, and a group is automatically created on Microsoft Teams when a discussion is initiated. The chat conversations that take place using the Discuss button are stored in the respective record, making it simpler for the privacy teams to refer to them when working on a task.
- View smart attestations on the processing activities
- Use the Smart Assessment Engine feature to respond to attestations. View the reports of the new control attestations on the landing pages of the privacy analyst and the privacy manager. Use the filter in the Attestations report to select whether you want to view the classic attestations or the new attestations.
- Changes in roles with the Privacy Employee user application
Note: Only applicable to the customers with the GRC Privacy Employee User application (sn_privacy_emp) installed.
When you install the new GRC Privacy Employee User application and assign the sn_privacy_emp.privacy_employee role to your employees, the role enables your employees to perform the following operations from the Employee Center:
- Proactively request privacy impact assessments (PIAs) for new implementations, applications, and processes from the Employee Center.
- Report privacy cases related to data privacy policy and regulatory violations.
- Read and acknowledge organizational privacy policies.
- Create policy exceptions.
- Create privacy issues.
- Changes in roles with the GRC: Privacy Lite User application
- If the GRC: Privacy Lite User application (sn_privacy_lite) is installed, the following roles are considered as lite operators:
- sn_privacy.business_user
- sn_privacy.assessment_responder
- sn_privacy_case.privacy_case_business_user
- sn_grc_pdr.data_owner_admin
Users with the lite operator role can do the following:
- Respond to privacy assessment tasks as business users.
- Respond to the processing activity's criticality risk assessments and object-based assessment.
- View, update, and close assigned issues.
- Respond to the assigned control attestations.
- Respond to the assigned manual indicator tasks.
- Create, update, and close assigned remediation tasks.
- Work on the processing activity as a business user when it’s assigned to you to collect the required details.
- Work on breach assessments and other privacy case tasks.
- Respond to the detailed privacy risk assessments on each risk identified on a processing activity.
- Respond to the assessment and investigation tasks assigned by the privacy team.
- Work on personal data rights action tasks to handle data according to the requester's requests.
|
Yokohama |
- [Placeholder link text to key bundle-grc.configure-criticality-factors]
- Leverage criticality factors to evaluate the initial risks associated with processing activities. Integrate these factors into privacy assessments and automatically generate a criticality score upon assessment approval. These factors are also added to processing activities, enabling you to make updates at any time. Integrating these factors in a privacy assessment eliminates the need for a separate criticality assessment. This consolidation reduces the workload for the privacy teams.
- Smart assessments
- Use the new and improved assessment experience that enables:
- capturing the data elements, the information object attributes, hierarchies
- building the assessment questionnaire
This new experience enables responders to update all the necessary details within the assessments, eliminating the need to update the processing activity separately.
- Configure categories
- Implement Information object categories to tag and classify information objects effectively. For example, attributes like iris scans and fingerprints are often referred to as biometric data, and email addresses and phone numbers can be tagged as contact information. Information object categories enable you to categorize these information objects under these broader classifications. This approach is useful in the following ways:
- Enhances compliance with regulations such as GDPR, CCPA, and so on by accurately capturing and tracking required data categories.
- Improves clarity for business users, ensuring they can easily identify and work with terms they’re familiar with while adhering to regulatory standards.
- Streamlines data governance by creating a structured framework that supports both regulatory needs and business operations.
- Smart assessment for privacy case management action tasks
- Use the new assessment experience of Smart Assessment Engine for privacy case action tasks. The assessment can be sent only when an action task moves from the Draft to the Assigned state. To use the smart assessment, a new property called enable_smart_assessments (sn_grc_case_mgmt.enable_smart_assessments) is introduced with the default value as true.
|
Zurich |
- Data subjects
- Select and define multiple data subject types for each processing activity. You can capture the volume of data subjects that were processed, the specific data elements that were collected from the users, and the user locations. With this feature, you get a realistic, granular, and scalable representation of your processing activities.
- Privacy management dashboard
- Get an overview of your complete privacy risk and compliance posture from the Privacy Management dashboard so that you can quickly prioritize and remediate your processing activities. By looking at the Processing Activities, Risk & Compliance, and Operations & Case management sections, you can see the overall compliance score, trends, privacy criticality assessment scores, and risk heatmap. From the dashboard, you can also see information about the global legal framework to understand the regional obligations and the built-in risk metrics that automatically assess each processing activity.
- New screening and PIA templates
- Use the new Privacy Impact Assessments (PIAs) and Screening Assessment templates that provide standardized questions, evaluation criteria, and workflows so that you can perform a processing activity criticality and privacy risk assessment. With these new templates, you can ensure consistency, reduce manual effort, and support compliance with regulatory and organizational requirements.
|
Australia |
- [Placeholder link text to key configure-pdr-ext-form]
- Starting from version 22.3.x of Personal Data Rights, privacy administrators can navigate to External form configuration to tailor the public-facing PDR form for their organization. They can map jurisdictions to data subject types and request types, and specify whether an authorized agent can submit a request on behalf of a data subject for each jurisdiction.
- For each jurisdiction, administrators can add terms and conditions, disclaimers, and guidance text that requesters see when they submit a request from that jurisdiction.
- Administrators can also show or hide form fields based on the combination of jurisdiction, data subject type, and request type that a requester selects. The form collects only the information needed, so requesters see only the fields that apply to their request.
- [Placeholder link text to key add-stakeholders-to-a-pa]
- Starting from version 22.3.x of Privacy Management, privacy analysts can add any user, including users without privacy roles, as a key stakeholder on a processing activity. Such users are set to No privilege to respond to assessments by default, and therefore can view the record only if they are granted the business user role.
- Key stakeholders with the appropriate business user role can select Request edit access to ask the privacy analyst for editing rights to a processing activity.
- New privacy content in Privacy Management Content
- Starting from version 22.3.x of Privacy Management Content, privacy managers can extend their regulatory library with new ready-to-use authority documents: Digital Personal Data Protection Act 2023 (DPDPA), Virginia Consumer Data Protection Act, and Colorado Privacy Act. When activating an authority document, they can select which citations to add to the library, and then select from the AI-generated control objectives already mapped to those citations.
- Privacy Management Content also ships an updated version of the privacy risk statements that carries forward the AI-generated risk statements from the previous version and adds new ones. Reinstalling the already existing risk statements after the update may overwrite certain changes made to them.
- Smart assessment versioning of privacy assessment templates
- Starting from version 22.3.x of Privacy Management and Privacy Case Management, you can create a version of an existing privacy assessment template to revise the questionnaire, response options, or automations without disrupting assessments that are already in progress. New privacy assessments use the latest published version of the template.
- Early availability
- Case summarization for privacy cases
- Privacy analysts can now use the Now Assist case summarization feature to quickly understand a privacy case without manually reviewing every field or related list. Now Assist analyzes key case attributes, such as timelines, impacted areas, evidence, and actions, and generates a structured summary directly inside the privacy case. This feature solves a common problem: case data is often lengthy, scattered across multiple related lists, and difficult for analysts to digest efficiently. Analysts can also save and edit summaries as case data evolves, ensuring the record stays current.
- Report a privacy case anonymously
- Employees can now use the Anonymous Reporting Center to report privacy violations such as data breaches or exposure, unauthorized data use, privacy law violations (GDPR, CCPA), or other privacy-by-design lapses without revealing their identity or location.
- Accessed through the Employee Center, the Anonymous Reporting Center portal automatically logs users out to enforce anonymity, creates case records without mapping to employee identity, and provides a unique report key for secure follow-up communication.
- Reports are routed to the appropriate compliance team based on the nature of the concern. Throughout the investigation process:
- Investigators can request additional information through a comments system visible to the reporter
- Reporters can follow up on their case using their report key to check progress and respond to questions
- All interactions maintain reporter anonymity at every step; no identity or location data is ever captured or linked
This enhancement enables organizations to build trust, mitigate risks before escalation, and ensure regulatory compliance with whistleblower protection requirements.
- Hierarchy and lineage enhancements
- The Hierarchy and lineage enhancements enable privacy teams to identify which systems, vendors, and applications belong to a specific processing activity by marking relationships as “part of a processing activity.” This ability differentiates scoped components from global or shared connections. Users can toggle between a processing-activity-scoped view and a full lineage view, helping them understand data flows in the appropriate context.
- Privacy content accelerator
- The privacy regulatory content through Unified Content Management provides pre-built authority documents, citations, control objectives, and risk statements aligned with major privacy frameworks, including GDPR, CCPA, LGPD, and the NIST Privacy Framework 1.0. These resources are available for download directly from the Privacy Workspace, enabling teams to readily access standardized regulatory content.
|