Yokohama |
- [Placeholder link text to key bundle-grc.configure-criticality-factors]
- Leverage criticality factors to evaluate the initial risks associated with processing activities. Integrate these factors into privacy assessments and automatically generate a criticality score upon assessment approval.
These factors are also added to processing activities, enabling you to make updates at any time. Integrating these factors in a privacy assessment eliminates the need for a separate criticality assessment. This consolidation
reduces the workload for the privacy teams.
- Smart assessments
- Use the new and improved assessment experience that enables:
- capturing the data elements, the information object attributes, hierarchies
- building the assessment questionnaire
This new experience enables responders to update all the necessary details within the assessments, eliminating the need to update the processing activity separately.
- Configure categories
- Implement Information object categories to tag and classify information objects effectively. For example, attributes like iris scans and fingerprints are often referred to as biometric data, or email addresses and phone
numbers can be tagged as contact information. Information object categories enable you to categorize these information objects under these broader classifications. This approach is useful in the following ways:
- Enhances compliance with regulations such as GDPR, CCPA, and so on by accurately capturing and tracking required data categories.
- Improves clarity for business users, ensuring they can easily identify and work with terms they’re familiar with while adhering to regulatory standards.
- Streamlines data governance by creating a structured framework that supports both regulatory needs and business operations.
- Smart assessment for privacy case management action tasks
- Use the new assessment experience of Smart Assessment Engine for privacy case action tasks. Only when an action task moves from the Draft to the Assigned state, the assessment can be sent. To use
the smart assessment, a new property called enable_smart_assessments (sn_grc_case_mgmt.enable_smart_assessments) is introduced with the default value as true.
|
Zurich |
- Data subjects
- Select and define the multiple data subject types for each processing activity. You can capture the volume of data subjects that were processed, the specific data elements that were collected from the users, and the user
locations. With this feature, you get a realistic, granular, and scalable representation of your processing activities.
- Privacy management dashboard
- Get an overview of your complete privacy risk and compliance posture from the Privacy Management dashboard so that you can quickly prioritize and remediate your processing activities. By looking at the Processing Activities, Risk & Compliance, and Operations & Case management
sections, you can see the overall compliance score, trends, privacy criticality assessment scores, and risk heatmap. From the dashboard, you can also see information about the global legal framework to understand the regional
obligations and the built-in risk metrics that automatically assess each processing activity.
- New screening and PIA templates
- Use the new Privacy Impact Assessments (PIAs) and Screening Assessment templates that provide standardized questions, evaluation criteria, and workflows so that you can perform a processing activity criticality and privacy
risk assessment. With these new templates, you can ensure consistency, reduce manual effort, and support compliance with regulatory and organizational requirements.
|
Australia |
- [Placeholder link text to key configure-pdr-ext-form]
-
- Starting from version 22.3.x of Personal Data Rights, privacy administrators can navigate to External form configuration to tailor the public-facing PDR form for their organization. They can map jurisdictions to data subject
types and request types, and specify whether an authorized agent can submit a request on behalf of a data subject for each jurisdiction.
- For each jurisdiction, administrators can add terms and conditions, disclaimers, and guidance text that requesters see when they submit a request from that jurisdiction.
- Administrators can also show or hide form fields based on the combination of jurisdiction, data subject type, and request type that a requester selects. The form collects only the information needed, therefore,
requesters see only the fields that apply to their request.
- [Placeholder link text to key add-stakeholders-to-a-pa]
-
- Starting from version 22.3.x of Privacy Management, privacy analysts can add any user, including users without privacy roles, as a key stakeholder on a processing activity. Such users are set to No privilege to respond to
assessments by default, and therefore, can only view the record if they are granted the business user role.
- Key stakeholders with the appropriate business user role can select Request edit access to ask the privacy analyst for editing rights to a processing activity.
- New privacy content in Privacy Management Content
-
- Starting from version 22.3.x of Privacy Management Content, privacy managers can extend their regulatory library with new ready-to-use authority documents, Digital Personal Data Protection Act 2023 (DPDPA), Virginia Consumer Data
Protection Act, and Colorado Privacy Act. When activating an authority document, they can select which citations to add to the library, and then select from the AI-generated control objectives already mapped to those
citations.
- Privacy Management Content also ships an updated version of privacy risk statement that carries forward the AI-generated risk statements from the previous version and adds new ones. Reinstalling the
already existing risk statements after the update may overwrite certain changes made to them.
- Smart assessment
versioning
of privacy assessment templates
- Starting from version 22.3.x of Privacy Management and Privacy Case Management, you can create a version of an existing privacy assessment template to revise the questionnaire, response options, or automations without disrupting assessments that are already in
progress. New privacy assessments use the latest published version of the template.
- Early availability
- Case summarization for privacy cases
- Privacy analysts can now use the Now Assist case summarization feature to quickly understand a privacy case without manually reviewing every field or related
list. Now Assist analyzes key case attributes, such as timelines, impacted areas, evidence, and actions, and generates a structured
summary directly inside the privacy case. This feature solves a common problem: case data is often lengthy, scattered across
multiple related lists, and difficult for analysts to digest efficiently. Analysts can also save and edit summaries as case data evolves, ensuring the record stays current.
- Report a privacy case anonymously
- Employees
can now use the Anonymous Reporting Center to report privacy violations such as data breaches or exposure, unauthorized data use, privacy law violations (GDPR, CCPA), or other privacy-by-design lapses without revealing their
identity or location.
- Accessed
through the Employee Center, the Anonymous Reporting Center portal automatically logs users out to enforce anonymity, creates case records without mapping to employee identity, and provides a unique report key for secure follow-up
communication.
- Reports
are routed to the appropriate compliance team based on the nature of the concern. Throughout the investigation process:
- Investigators can request additional information through a comments system visible to the reporter
- Reporters can follow up on their case using their report key to check progress and respond to questions
- All interactions maintain reporter anonymity at every step; no identity or location data is ever captured or linked
This enhancement enables organizations to build trust, mitigate risks before escalation, and ensures regulatory compliance with whistleblower protection requirements.
- Hierarchy and lineage enhancements
- The
Hierarchy and lineage enhancements enables privacy teams to identify which systems, vendors, and applications belong to a specific processing activity by marking relationships as “part of a processing activity.” This
ability differentiates scoped components from global or shared connections. Users can toggle between a
processing‑activity‑scoped view and a full lineage view, helping them understand
data flows in the appropriate context.
- Privacy content accelerator
- The
privacy regulatory content through Unified Content Management provides pre‑built authority documents, citations, control objectives, and risk statements aligned with major privacy frameworks, including GDPR, CCPA, LGPD, and
the NIST Privacy Framework 1.0. These resources are available for download directly from the Privacy Workspace,
enabling teams to readily access standardized regulatory content.
|