DATASHE ET

DPIA Management Solution

Streamline your process for conducting DPIAs

and demonstrating GDPR compliance
Under Article 35 of the GDPR, a Data Protection Impact Assessment (DPIA) is required when data processing is likely
to result in a high risk to the rights and freedoms of individuals. EU regulators have identified a number of activities
that are likely to result in high risk processing. Examples include sensitive data processing, large scale processing,
predictive scoring, big data analytics, international data transfers, and the use of new technologies. Each DPIA
must contain a number of items, including a systematic description of the processing operations and their
purposes; an assessment of the necessity and proportionality; an assessment of the risks; the measures needed
to address the risks. Determining which data processing requires a DPIA, conducting DPIAs and demonstrating
compliance controls and safeguards can create a complex privacy program management challenge.

TrustArc DPIA Management Solution

Our DPIA solution simplifies the process of determining
whether a DPIA is required, conducting a risk assessment
and creating a risk register, evaluating and demonstrating
whether mitigating controls and safeguards are effective
and concluding whether prior consultation with a data
protection authority is required. It is based on a combination
of powerful technology through the TrustArc platform, proven
assessment methodology, and deep GDPR privacy expertise.

The DPIA provides a comprehensive and structured process to comply with the requirements outlined in Article 35
of the GDPR – along with detailed remediation guidance and recommendations. The solution was developed by
TrustArc GDPR privacy experts in collaboration with the Information Accountability Foundation and in conjunction
with review and inputs from regulators in the EU.

TrustArc Assessment Manager

Our DPIA solution is powered by the Assessment Manager module of the TrustArc
platform. Assessment Manager enables organizations to quickly assess and
remediate gaps across a wide range of regulations, including the GDPR. The
cloud based solution is in use by over 1,000 clients worldwide and is backed six
years of operating experience. The system is secure, does not require IT support,
is accessible by employees worldwide, and provides a central repository of all
assessments and remediation activity.

US 888.878.7830 | EU +44 (0)203.078.6495 | www.trustarc.com | © 2017 TrustArc Inc

DPIA Management Solution DATASHE ET

TrustArc GDPR Solutions

TrustArc offers a wide range of GDPR solutions including:
• DPIA/PIA Program Development – If you are new to conducting PIAs and DPIAs, our consultants can help
you build a sustainable PIA/DPIA program, including identifying and training participants; identifying areas
to assess and key assessment triggers; defining processes, reports, and review frequency; and much more.
• GDPR Priorities Assessment – Our structured methodology reviews your privacy program and provides a
detailed gap analysis and prioritized plan of activities needed to achieve GDPR compliance.
• Data Inventory, Cookie Consent, Tracker Scanning, Ads Preferences and Dispute Resolution – Our privacy
platform provides several modules to help you achieve and manage ongoing GDPR compliance.

TrustArc DPIA Solution Features

Comprehensive: The DPIA template covers all
compliance requirements outlined in Article 35 and
EU Guidelines on DPIAs adopted in 2017.
Flexible: Begin with a simple threshold
assessment and inherent risk assessment before
proceeding with a full DPIA (when required) –
plus access to an assessment template library
for other privacy reviews including PIAs, vendor
risk legitimate interests assessment and incident
response. Ability to tailor existing assessment
templates and create custom templates.
Intelligent: Logic-based question sequence,
automated gap review, automated and
customizable risk assessment, and detailed
remediation guidance and recommendations.
Easy to Use: Friendly user interface and
streamlined workflow optimized for administrators,
managers, and respondents.
End to End Solution: Manage the entire process–
requesting and following up on stakeholder input;
analyzing responses; assessing risk and compliance;
managing remediation; generating a risk register
and compliance reports as well as a DPIA outcomes
report.
Thorough: Data Flow Manager, part of the TrustArc
Platform, can be used to identify high risk data
processing activities that may require a DPIA.
Reporting: Key privacy safeguards are recorded
as the DPIA is conducted, and a custom report is
produced once the assessment is complete.
Proven: The DPIA solution was developed and
reviewed by a team of globally recognized EU
privacy experts from TrustArc and the Information
Accountability Foundation and has been reviewed
with regulators in the EU.

About TrustArc
TrustArc powers privacy compliance and risk management with integrated technology, consulting and TRUSTe
certification solutions – addressing all phases of privacy program management. Our new name, TrustArc, reflects
our evolution from a certification company into a global provider of technology powered privacy compliance
and risk management solutions. The foundation for our solutions is the TrustArc Privacy Platform which provides
a flexible, scalable, and secure way to manage privacy. Our technology platform, fortified through six years of
operating experience across a wide range of industries and client use cases, along with our services, leverage deep
privacy expertise and proven methodologies which we have continuously enhanced through thousands of client
projects over the past two decades. Headquartered in San Francisco, and backed by a global team, we help over
1,000 clients worldwide demonstrate compliance, minimize risk, and build trust.

US 888.878.7830 | EU +44 (0)203.078.6495 | www.trustarc.com | © 2017 TrustArc Inc 2