What have we been building at PrivacyAnt?
Heikki Tolvanen
Privacy Engineer, CIPP/E, CIPM, CIPT & FIP. See our privacy engineering platform: PrivacyDesigner.com
This spring, our developers have been on fire here at PrivacyAnt! After getting customers from business sectors that have millions of data subjects and complex data processing activities, we are confident that we chose the right track in helping companies implement privacy in practice - not just on paper.
I am really happy that just last week I finally got to see a live demo of our newest feature, which we have been working on for the past year. I can't wait for the day when it will be available to all of our new and existing customers. Internally, we call this feature ‘a virtual DPO’, as it is intended to automate privacy by design and to save time for busy DPOs and other privacy leaders.
What’s the problem we are solving?
In spring 2019, we carried out several data protection audits of different organisations. It was not uncommon that these organisations had put tons of effort into creating robust data protection documentation before May 2018, but after a year, the documentation was partly or completely out of date.
We believe that one of the biggest challenges in managing privacy is to make sure privacy (and security) gets built into every new business initiative that is happening in the organisation. This is crucial for keeping data protection documentation up to date.
We’ve met tons of DPOs and information security managers who are struggling to find enough time to participate in different project meetings. A very common approach is to use Excel spreadsheets or different privacy impact assessment solutions.
The problem with Excel spreadsheets and many PIA tools is that they often leave too much room for interpretation to the normal business employees answering them. For example, you might be collecting information about transfers to third countries. Unless the person answering understands what ‘transfer’ means, as well as the locations of all the personal data storages, third parties, and their sub-contractors, you might not get an accurate answer. And when you don’t get real information from the business, implementing privacy correctly won’t happen.
A virtual DPO - what’s that?
For years, we too struggled with Excel spreadsheets and PIA tools. That’s why we decided to start building PrivacyAnt Software. The basic idea is simple: whenever there is a new business initiative in your organisation, the project manager and other stakeholders collaboratively describe the intended processing activities on a data-flow canvas.
While the processing is being described, PrivacyAnt Software will ‘detect’ applicable privacy requirements and will trigger those as ‘controls’ to be implemented. These controls can be really simple, such as ‘Provide information to the data subject’ in each situation that PrivacyAnt Software has identified as a direct or indirect data source.
The real benefits will start to arise when personal data from a specific data source is used in new ways. With controls, PrivacyAnt can advise the user to update a specific privacy notice to cover new purposes, transfers to 3rd countries or disclosures to third parties.
This will be one way to transform your internal privacy and information security policies into controls and to set the rules for when they apply. Theoretically, there can be more than millions of trigger combinations / rules to choose from. You could set up a specific control for situations where a personal data type called ‘First name’ is transferred to an IT system that is located in India, or where ‘Social security number’ is stored in a system that can be accessed from Canada.
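The trigger rules described above can be pictured as conditions evaluated over each described data flow. The sketch below is an added illustration, not PrivacyAnt's code: the `Flow` and `Rule` model, the field names, the `collect` action standing in for a data source, and the two control names other than ‘Provide information to the data subject’ are all hypothetical.

```python
from dataclasses import dataclass

# Hypothetical data model for this added example; not PrivacyAnt's schema.
@dataclass(frozen=True)
class Flow:
    data_type: str                           # e.g. "First name"
    action: str                              # "collect", "transfer" or "store"
    system: str                              # name of the IT system on the canvas
    location: str                            # country where the system is hosted
    accessed_from: frozenset = frozenset()   # countries the system is reachable from

@dataclass
class Rule:
    control: str       # control to raise when every condition holds
    conditions: dict   # field -> required value; omitted fields match anything

    def matches(self, flow):
        for key, want in self.conditions.items():
            have = getattr(flow, key)
            if isinstance(have, frozenset):
                if want not in have:          # set-valued field: membership test
                    return False
            elif have.casefold() != want.casefold():
                return False                  # case-insensitive so "india" == "India"
        return True

RULES = [
    Rule("Provide information to the data subject", {"action": "collect"}),
    Rule("Review transfer of first names to India",            # constructed control
         {"data_type": "First name", "action": "transfer", "location": "India"}),
    Rule("Review Canadian access to social security numbers",  # constructed control
         {"data_type": "Social security number", "action": "store",
          "accessed_from": "Canada"}),
]

def triggered_controls(flows, rules=RULES):
    """Return {control: [systems]} for every rule matched by at least one flow."""
    out = {}
    for flow in flows:
        for rule in rules:
            if rule.matches(flow):
                out.setdefault(rule.control, []).append(flow.system)
    return out

# Constructed sample canvas; system names are invented for the example.
SAMPLE_FLOWS = [
    Flow("First name", "collect", "Web shop", "Finland"),
    Flow("First name", "transfer", "CRM", "india"),
    Flow("Social security number", "store", "Payroll", "Finland",
         frozenset({"Finland", "Canada"})),
    Flow("Email address", "transfer", "Mailer", "India"),   # matches no rule
]

if __name__ == "__main__":
    for control, systems in triggered_controls(SAMPLE_FLOWS).items():
        print(f"{control}: {', '.join(systems)}")
```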
If you wish to see a live demonstration of our tool, please contact me directly here on LinkedIn. We are always seeking new clients and reseller partners.