You are on page 1of 3

6/6/2018 Vendors create GDPR compliance solutions to tackle a variety of areas

Vendors create GDPR compliance solutions to tackle

a variety of areas

 May 25, 2018  Save This

(h p://

Ryan Chiave a, CIPP/US

( // / / / )
The EU General Data Protection Regulation has absolutely dominated most of my time here at the IAPP recently,
and, chances are, if you are reading this those four le ers are taking up a boatload of your time as well.

Nearly every piece I have wri en on privacy technology over the past couple of months has involved the EU General
Data Protection Regulation in one way or another. Some of the pieces only focus on the GDPR tangentially.

Privacy professionals reviewing their privacy notices before the GDPR could use Polisis (h ps://
tool-scans-privacy-notices-to-inform-users-on-data-collection/), a tool using artificial intelligence to visualize all of
the data collection components of a company’s notice, to see if they are complying with the law. is an app
(h ps:// designed to be a data vault companies
could use to show all of the information they have on a data subject.

For all the solutions where their GDPR compliance abilities are an added benefit, however, there are many solutions
that were created specifically to help organizations handle different aspects of the new rules.

Anyone who has taken a look at the GDPR knows its scope is far too much for one solution to handle every single
one of its numerous articles. Tech vendors have sought to focus on a single aspect of the GDPR, and take care of it
to the best of their capabilities.

Data subject access rights solutions were among the most notable tools to spring up over the last few months.

TrustArc had released its Individual Rights Manager (h ps://

tool-for-gdpr-released/) earlier this year to help entities tackle Articles 12 and 15-23 of the GDPR. TrustArc’s solution
allows companies to put a link on their website to give users a chance to fill out a data request form. Once the
subject fills it out, a “privacy analyst” within the company will use templates to determine the best action for the
request, then come back with the data if the request is valid.

Another DSAR solution took the problem in a different direction, as Raptor Compliance’s so ware
(h ps:// uses a more automated
approach to data subject requests. A er either new or existing users fill out a form to verify their identity, Raptor’s
so ware searches throughout all of the company's databases to gather the subject’s information. 1/3
6/6/2018 even have made their way to GitHub,
Vendorsas a group
create of four platforms
GDPR compliance joined
solutions to tackle forces
a variety to launch an open-sourced
of areas

framework called OpenGDPR (h ps:// The

framework aims to allow data controllers and processors to be er manage and track DSARs, and quickly became
one of the most popular GDPR-related items on GitHub.

These companies created their solutions to address a part of the GDPR that had not been touched until the final
few months before implementation.

“It’s more a reflection of the lifecycle of how quickly companies were able to respond to the GDPR once it hit, and
Privacy Tech
then working (/news/privacy-tech)
through | Vendors
the different steps,” said create
TrustArc Senior GDPR
Vice compliance
President solutions
of Marketing to tackle a
 (/rss/privacy-tech)
and Product
variety of areas
Management Dave Deasy. “Since the deadline is not until May, there was no incentive to put your individual rights
solution in place last year because you didn’t have to.”

While DSARs have made a big impact, data destruction requirements cannot be ignored either. Filerskeepers is a
solution (h ps:// where
companies can have data retention schedules from different countries around the world at their fingertips through
excel spreadsheets. Having the spreadsheets delivered to a company is far more efficient than ge ing them from a
lawyer, according to filerskeepers Founders Wanne Pemmelaar and Madeleine Vos.

TrustArc didn't stop with DSARs, either. A few months a er releasing their Individual Rights Manager, the vendor
came out with their GDPR Validation solution (h ps://

Created to tackle another under addressed problem in GDPR certification, TrustArc created the Validation solution
to allow companies to display their GDPR compliance status, particularly to B2B customers. A company will fill out
whether they meet 40 objective validation requirements, then, a er being reviewed by a privacy professional, will
receive a le er to show that they are working to comply with the rules.

Of course, not every vendor woke up one day and decided to create a GDPR tool. A couple of vendors took their
existing solutions and reworked them to address the GDPR.

Parsons Behle Lab President Kimball D. Parker discussed how so ware used to help Utah citizens who were sued for
tax debt was reconfigured to create GDPR IQ (h ps://
documentation/), a tool that uses automation to help generate all of the compliance documents organizations need
to comply with the rules.

Users will answers questions ranging from as few as six to as many as 100 to get documents on policies and
procedures, notice and consent forms, and records of processing for internal and external activities.

The team at PactSafe had been producing solutions to collect electronic signatures for a few years before they
realized they could use their tools to gather and track consent under the GDPR.

It lead to the creation of their PactSafe Consent Management platform (h ps://

from-experience-to-create-consent-management-platform/), where companies can see the consent status of every
single data subject, as well as make changes to their privacy policies, and have them updated on every single page
where that policy resides.

The GDPR has companies thinking toward the future, and that future may entail more joint partnerships. TrustArc
CEO Chris Babel certainly believes that is the case, especially following the partnership it has entered with RADAR
(h ps:// to help entities in
their GDPR fight.

The companies’ platforms will have the ability to share information with one another in order to bolster their
capabilities, while each company is using the other’s product in order to learn more about their partner’s specialty,
while being able to be er answer questions they could not have done otherwise. 2/3
6/6/2018 asked what the companies will doVendors
once create
25 comes andsolutions
compliance goes, ato common answer
tackle a variety of areaswould pop up: They'll wait

and see what happens next. No one knows how the GDPR will be enforced, and companies will wait to see those
first regulatory actions before making any changes to the way they conduct their work. The vendors that will rise
a er May 25 will likely follow suit.

Photo credit: Wearable Technology (h p:// via photopin

(h p:// (license) (h ps://


Ryan Chiave a, CIPP/US

(h // / b / / )

 Share This

© 2018 International Association of Privacy Professionals.

All rights reserved.

Pease International Tradeport, 75 Rochester Ave, Suite 4

Portsmouth, NH 03801 USA • +1 603.427.9200

Contact Us (/about/contact) Press (/about/media) Advertise (/news/p/advertise)

Privacy Notice (/about/privacy-notice) Conditions of Use (/about/conditions-of-use)
Refund Policy (/about/refund-policy)

 ENGLISH (EN) 3/3