Level 2 of the PrivacyOps approach brings more automation, insights, and data intelligence to the system. The organizing principle of Maturity Level 2 of PrivacyOps is that data intelligence necessarily lies at the center of all privacy compliance processes.
Under this Level, organizations can automatically trigger privacy assessments as soon as a new asset is discovered. This maturity level reduces the onus on organizations to identify product owners or remind product owners to fill out assessments. The assessment responses are tracked and managed inside a Privacy Portal, allowing easy record keeping. Under Maturity Level 2, structured and unstructured data stores, once connected, are automatically scanned to discover all personal and sensitive data, categorize it and store it with all available metadata. This helps organizations validate the information provided by product owners about sensitive data in their data stores.
In an agile development environment, organizations access a risk score customized for each data store to measure risk based on sensitive data collected, data residency, etc. This allows privacy officers to plan and prioritize risk mitigation activities more effectively. Most importantly, under this Level, PrivacyOps platforms automatically create a visual data map to show how and where data is collected, processed, stored, and retained to maintain accurate Records of Processing Activities (RoPA) to meet privacy requirements quickly.
Maturity Level 2 also allows automation of many tasks required by global data privacy regulations, such as conducting assessments, fulfilling data subjects’ rights requests, and notifying affected data subjects in case of a breach.
Key technological capabilities in the Maturity Level 2 of PrivacyOps approach: