Privacy Notice Creation and Management Maturity Level 1
The PrivacyOps approach recommends that organizations transition from manually drafting and managing privacy notices to automating privacy notice management in two steps or ‘maturity levels.’
PrivacyOps recommends the use of a secure portal for the creation and management of privacy notices. The privacy notice portal shall have the following features:
Pre-built ’regulation specific’ and ‘industry specific’ templates shall be available which organizations can use according to the advice and consultation of privacy and business experts. This will ensure that the organization’s privacy notices are always compliant with various, ever-changing global data privacy regulations and laws.
The templates will be easy to populate, utilizing a built-in library with multi-select options to choose what types of personal data categories are collected and processed by the organization, a picklist for various types of security measures organizations are undertaking to protect the data and selectable retention periods for the holding of certain types of personal data categories.
It would also be possible for organizations to import their existing privacy notices from an external source to within the portal. The system shall scan the imported notice (if it follows the prescribed format) and glean the information within it to pre-populate the privacy portal’s selections in the new template.
This portal shall be a collaborative space in which relevant stakeholders from different departments of the organization and external partners can be invited to share their insights to ensure the privacy notice is accurate and fully transparent.
This portal shall also help manage multiple privacy notices required by organizations that run numerous operations and thus need different privacy notices for each arm. Versioning will also be easily manageable, and the notices will be available in multiple languages with auto-translation features.
A built-in privacy notice banner in which the organization will add cookie collection details via various easy-to-fill forms.
Customizable, formatted, pre-populated sections on service providers, international transfers, children’s data, and data subjects rights will require some simplified inputs and an easy-to-use, collaborative review process to be published.
Privacy Notice Creation and Management Maturity Level 2
The signature automation of tasks and next-generation data intelligence found within PrivacyOps comes into play in the second maturity level.
Essentially, organizations will be able to use insights derived from the Data Mapping exercise and other PrivacyOps compliance exercises to update the information within their privacy notice in real-time. Thus, Maturity Level 2 allows organizations to create and manage multiple privacy notices seamlessly and effortlessly as changes in data collection or processing operations will automatically be detected and incorporated within the privacy notice in real-time and will be available for approval before final publication.
Features of PrivacyOps Privacy Notice Creation and Management within Maturity Level 2 include:
Changes in the organization’s data processing activities, the type of personal data categories collected or processed, and data processors used by the organization will be automatically detected via scheduled scans of data stores within the Data Mapping module. The website will reflect these updates within the pre-populated picklists in the privacy notice portal, and the system will send alerts to update the notice.
Periodic review alerts can be scheduled for the Privacy Notice to ensure it always remains up to date and transparent.