TrustArc Blog

TrustArc Announces 25+ City GDPR Privacy Workshop Series

September 22, 2017

  TrustArc announced this week a special GDPR Privacy Workshop Series. The events, co-sponsored with Ogletree Deakins, are free and part of a global 25+ city program that will feature informative discussions, case studies, and practical solutions to achieve GDPR compliance. The Workshops are part of TrustArc’s renowned Privacy Insight Series that drew over 15,000 webinar registrations in 2016. Attendees will: Learn from industry experts who have implemented GDPR solutions across a wide range of industries Receive hands-on interactive review and tips on core GDPR compliance requirements, including: Data Mapping Building a Record of Processing (Article 30 Reports) Ongoing Risk Assessments … Continue reading TrustArc Announces 25+ City GDPR Privacy Workshop Series

TrustArc Partners with Alibaba Cloud

July 25, 2017

We announced our newest partnership with Alibaba Cloud (the cloud computing arm of Alibaba Group) at the IAPP Asia Privacy Forum 2017. As data privacy increases in importance for organizations of all sizes and maturity in Asia, TrustArc saw an opportunity to partner with one of the fastest-growing cloud computing companies in the world. Both TrustArc and Alibaba Cloud believe that as organizations continue to provide excellent experiences for their customers by collecting personal data, keeping up with evolving regulations and protecting data privacy is key. Scaling a privacy program requires using a combination of privacy expertise and technology. This strategic … Continue reading TrustArc Partners with Alibaba Cloud

New Privacy Technology, Resources Simplify EU GDPR Compliance

December 16, 2015

Today, TRUSTe announced solutions to help companies address the new EU General Data Protection Regulation (GDPR), which brings sweeping changes and tough compliance challenges for any business with EU customers and employees. The package of solutions will help companies meet the stringent new requirements of the GDPR. In addition, as the leading global provider of privacy certifications, TRUSTe will seek to become accredited as a data protection seal provider with the relevant European supervisory authorities. TRUSTe has a long history of helping companies address EU privacy requirements. TRUSTe launched their EU Safe Harbor privacy program in 2000 and has since assessed … Continue reading New Privacy Technology, Resources Simplify EU GDPR Compliance

TRUSTe Expands Offerings and Partners with PactSafe and Leading Law Firms to Help Companies Comply with EU Privacy Rules

December 07, 2015

In order to manage the privacy and operational challenges of implementing Model Contract Clauses (MCC) to maintain compliance with EU data protection laws, TRUSTe has introduced a new Model Contract Clause privacy assessment and partnered with PactSafe and a number of leading law firms. This solution comes after the Oct. 6th ruling by the European Court of Justice, which invalidated the U.S.-EU Safe Harbor framework. “The Safe Harbor Ruling has left many companies rudderless without a clear way to stay compliant with EU rules,” said Chris Babel, CEO of TRUSTe. “While the prospect of a new Safe Harbor 2.0 agreement … Continue reading TRUSTe Expands Offerings and Partners with PactSafe and Leading Law Firms to Help Companies Comply with EU Privacy Rules

TRUSTe Launches ROI Calculator to Measure the Value of Privacy Automation

November 03, 2015


The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency. –Bill Gates

One of the greatest benefits of modern technology is that routine or repeatable work activities can often be done more efficiently with automation. For those who are conducting privacy assessments on a regular basis, and doing it inefficiently with spreadsheets and email, the thought of automating a Privacy Impact Assessment (PIA) must be particularly intriguing. TRUSTe research shows that a typical PIA can take 28 days to complete and involve 175 work hours spread across multiple departments. Surely there’s an opportunity for privacy teams to save time and money. To address the need for automation TRUSTe developed Assessment Manager, a SaaS solution that greatly reduces the time needed to plan, execute and analyze a privacy assessment, and then remediate identified risks.


Is automation right for anyone responsible for privacy?

No. According to Bill Gates, the second rule of technology is that “automation applied to an inefficient operation will magnify the inefficiency.” If you don’t have a solid foundation in place for conducting assessments you’re better off working on the basics before turning to automation. Spend the time (or hire a consultant for) establishing an assessment process, developing controls, designing effective survey templates and training others first.

Once you have a process in place, the answer may still be “no” if the automation solution’s cost far exceeds the potential benefits in terms of time, resource cost and quality. Chances are if you’re only doing (or planning on doing) a couple of assessments per year the ROI won’t be there. You’ll want to expect a future volume of assessment activity for automation to pay off.


How do I determine if automation is right for us?

Unfortunately there isn’t a magic number of privacy assessments where automation instantly becomes a no-brainer because no two companies assess the same or share the same cost structure. If you’re doing a couple per year it may be hard to justify. However if you plan on double-digit assessments next year (there are companies doing several thousand annually!) the math starts working in your favor.

The challenge of quantifying the return on investment (ROI) of privacy automation technology and communicating it with others is a consistent theme we’ve heard over the past couple of years.   Consequently we’ve assembled a great set of self-service resources and tools and offered them free of charge on a newly created public microsite.

Read more “TRUSTe Launches ROI Calculator to Measure the Value of Privacy Automation”

Next Steps Following the EU Court of Justice Ruling on U.S.-EU Safe Harbor

October 06, 2015

Today, Oct. 6th, the Court of Justice of the EU (CJEU) ruled that the current U.S.-EU Safe Harbor Program is no longer a valid method for ensuring adequacy under EU Data Protection Directive 95/46/EC for international data transfers. This significant change in data protection law removes an established data transfer compliance mechanism that has been in place since 2000 and relied on by more than 4,000 U.S. companies. This ruling causes a period of uncertainty for businesses until the Department of Commerce and the European Commission can agree and put a new U.S.-EU Safe Harbor framework in place. This morning … Continue reading Next Steps Following the EU Court of Justice Ruling on U.S.-EU Safe Harbor

Subscribe to Blog