Global privacy laws such as the GDPR, CCPA, and many others have changed the way organisations think about data privacy management. Privacy Hub by Wrangu is powerful yet easy-to-use software that solves the challenges of the latest regulations organization-wide – allowing simplified privacy program management through a single source of truth.
Privacy Hub by Wrangu will help your organization meet such privacy challenges as Data Mapping, Data Protection Impact Assessments, Records of Processing Activities, Data Subject Rights Requests, Transfer Impact Assessments and Data Breach reporting.
It includes support for the following privacy regulations:
-
EU GDPR/ UK GDPR requirements (Articles: 6, 7, 8, 9, 12, 15, 16, 17, 18, 19, 21, 25, 30, 33, 34, 35, 44, 45, 46, 47, 49)
-
Personal Information Protection Law of the People's Republic of China (PIPL)
-
Many other countries and jurisdictions, including CCPA California, LGPD Brazil, LPPD Turkey, PIPEDA Canada and PPIPS Quebec, and PDPA Singapore
Our Data Flow Mapper, as an optional alternative to the more conventional form-based approach, is a highly intuitive, easy-to-use graphical tool that provides a quick and easy understanding of what’s happening with the personal data you hold. It helps identify any gaps and risks within your processes and makes the journey of managing obligations and providing transparency within your organisation that much easier.
Our in-depth experience with privacy regulations, data privacy and risk management allows us to deliver the perfect blend of deep functional knowledge and technical expertise, enabling you to manage global privacy requirements using common processes on a single platform.
Privacy Hub by Wrangu is built on the ServiceNow platform to ensure seamless integration with your other ServiceNow modules and processes.
Data Privacy Portal
The Portal lets your data privacy team interact with all Data Privacy modules via an easy-to-use, web-based interface.
Dashboard & Reports
At all times, your data protection team has a real-time overview of the entire organization’s data privacy activity on a single page. With the capability to drill right down to live source data, flexible report creation and views that can be tailored to individual organizations. The My Work dashboard allows all users to view and manage their own work more efficiently.
Record of Processing Activities (ROPA)
Comprehensive recording of data enables the robust documentation of processing activities, including the ability to relate a ROPA directly to Applications and Systems or any other configuration items within the ServiceNow CMDB as well as vendors, suppliers and other third parties. Highlighted features include:
- Pre-defined workflow providing a step-by-step process from drafting a proposed processing activity through to publishing it in the ROPA register, acting as either a data controller or a processor.
- Global ROPAs that can be shared between and localized by different parts of the organization that perform similar processing.
- A DPIA relevance indicator that recommends whether a DPIA is needed for a ROPA based on the information in the ROPA.
- Automatic updating of the relationship between asset register and personal data.
- Defining the flow of data inside and outside the organisation, using forms or the graphical Data Flow Mapper interface.
- Carrying out Transfer Impact Assessments on international transfers.
- Support for a periodic review cycle and version control.
Data Protection Impact Assessment (DPIA)
The DPIA module, continually updated with the latest guidance from regulators, provides an initial DPIA screening questionnaire if desired and an in-depth and an in-depth assessment to identify and document risks and mitigation measures. Highlighted features include:
- Dynamic screening questionnaires supporting region-specific requirements (whitelists/blacklists).
- Automatic evaluation of DPIA responses with possible concerns raised for consideration.
- Built-in configurable risk calculation engine that displays risk ratings based on responses.
- Configurable approval levels throughout the lifecycle of an assessment.
Transfer Impact Assessment (TIA)
The TIA module enables the assessment of transfer mechanism effectiveness with international transfers. Performing TIAs follows a well-defined process:
- Detail the scope (circumstances) of the transfer, such as the data exporter and importer, where the data is being transferred to, the nature of the data (type, data subject, format) and purpose of transfer.
- Use comprehensive questionnaires written by Data Privacy specialists, carry out detailed legal assessments and evaluate the effectiveness of the transfer tool.
- Define supplementary measures (technical, organisational and contractual) to mitigate risk if necessary.
- Review and complete the TIA with a final outcome recommendation on whether the transfer can go ahead.
Data Flow Mapper
Data Flow Mapper (DFM) is a graphical tool for defining and visualising the flow of personal data inside and outside an organisation. It provides improved understanding of how data is acquired, held, processed, shared and destroyed by the organisation itself or third parties, and the countries in which these activities take place. Highlighted features include:
- Intuitive drag and drop interface to define and visualise the flow of data within processing activities.
- Automatically updates ROPAs with the data flow defined in the diagram.
- Flow diagram export for reporting.
Data Subject Rights requests (DSR)
The DSR module lets data privacy teams and data subjects raise and manage data subject rights requests. Highlighted features include:
- Predefined workflows providing step-by-step guidance when processing requests, in the role of either a ‘processor’ or a ‘controller’.
- Support for single or multiple intake forms.
- Automated SLA calculation to help manage and track timeline obligations under various regulations.
- Action Tasks to manage and track obligations with third parties for fulfilment of the data subject rights.
- Predefined templates to allow pre-approved responses to requests.
- Open API that allows the capture of DSR requests from external sources such as corporate websites.
Data Breach reporting
The Data Breach module acts as a register of all incidents relating to personal data and facilitates the automatic determination of whether a report or notification should be sent to the relevant authorities or the impacted data subjects. Highlighted features include:
- Dynamic rules and triggers identify and suggest obligations for specific regulations and types of data breached, facilitating reporting to the authorities and data subjects.
- Comprehensive forms ensure capturing of all data required for reporting to the authorities and data subjects.
- Dynamic SLAs assist with managing timeline obligations.