An international manufacturer and supplier of medical devices recently transitioned from their previous Data Privacy Manager, DPOrganizer, to PrivIQ. In collaboration with their US partner, RethinkTrust, this move has proven transformative. In this article, we explore the reasons behind this strategic shift and the challenges that led the company to choose PrivIQ.
Background
Founded in 2006 by investors and medical professionals, this company has earned a reputation for delivering industry-standard solutions in human health monitoring and diagnostics. With an international footprint spanning North America, Europe, and beyond, the organization faces complex data privacy management requirements.
Key data privacy concerns include:
- Safeguarding customer, participant and patient records.
- Managing diverse processes involving practitioners, suppliers, and healthcare groups.
- Adhering to stringent U.S. healthcare regulations and state statutes, including data privacy and protection laws.
- Complying with European GDPR, ISO 27001 and other international privacy standards.
These challenges underscore the critical need for a robust and adaptable data privacy management solution.
The Challenge
The company initially used DPOrganizer, but it proved inadequate to the task. After several months of attempting to import their data and use the system’s assessment and data subject request modules, the team found the platform’s functionality did not meet their requirements. Moreover, the platform was overly complicated and ill-suited to privacy operations, especially outside the EU.
This is when they turned to RethinkTrust and PrivIQ.
Why They Chose PrivIQ
PrivIQ takes a modern, human-centric approach to data privacy management. Key differences include:
- Approach: PrivIQ begins by identifying the department or area responsible for the process. It then considers the target audience (e.g., customers, employees) and follows the business process in plain English before addressing the legal basis.
- Flexibility: PrivIQ’s structure adapts to different organizational needs, providing a seamless experience for both GDPR-focused operations and the dynamic and varied data privacy requirements of U.S.-centric operations.
- Breadth: PrivIQ offers an umbrella approach that supports compliance across multiple regions, including the U.S., Canada, and Europe.
- Ease of Use: PrivIQ offers step-by-step guidance in context throughout the platform in ways that are workable for a variety of team members, not only attorneys and Data Protection Officers (DPO).
The client had the following major requirements:
- A Data Privacy Management tool with the ability to effectively handle data subject requests for deleting or correcting personal information.
- A user-friendly tool to manage critical tasks efficiently, including privacy impact assessments, personal data inventories and complementing other governance and management tools.
- Flexibility in supporting the client’s privacy compliance, risk management and governance in their expansion to new markets.
PrivIQ’s Cost Effective, User-friendly Data Privacy Management Solution
PrivIQ provided immediate and effective solutions to these challenges:
- Streamlined Processes: PrivIQ’s system automatically creates a task card and sends out a confirmation message for data subject requests. The assigned privacy team member gets a notification to begin processing the request. PrivIQ guides the team member with a step-by-step process.
- Faster Data Mapping: With assistance from the RethinkTrust team, the client completed data mapping in under two weeks (part-time), compared to months of struggle with DPOrganizer. Instead of having to rely on individual, complicated ‘assessment’ forms sent out to employees to complete, the team could import personal data records directly and quickly. They were able to upload, verify and import records in less than 20 minutes for an entire subsidiary.
- User Empowerment: After a brief training session, the team was able to independently create over 100 personal data entries in PrivIQ within 2 hours.
- Customizable Solutions: Each of the client’s websites now features tailored data subject access request forms designed for their geographic regions, including the U.S. and Europe.
- AI-Enhanced & Human-Verified: PrivIQ includes capabilities to generate highly customized assessments and processes, combining artificial intelligence with human expertise. For example, the client can create US-based impact assessments in minutes for their applications, including AI software they develop and use. These assessments are distinct from commonly available templates for a GDPR data protection impact assessment (DPIA).
Conclusion
“PrivIQ’s more flexible, easy-to-use data mapping module and inventory have been a game-changer for our client. The use of these tools for impact assessments, DSAR fulfilment, and vendor management—all in plain English and without overly legalistic language—has been incredibly valuable.
In the initial stages of project implementation, PrivIQ’s comprehensive AI-assisted and human-verified capabilities generated highly bespoke risk assessments and risk registers. The client can edit and adapt these after they are generated. For most privacy teams, data management and handling go far beyond legal aspects. PrivIQ addresses these dimensions comprehensively, making it the clearly better choice.”
– Nalini Kaplan, founder of RethinkTrust
This case illustrates how PrivIQ’s human-centric, adaptable approach to data privacy management can address the complex needs of global healthcare organizations. Many similar companies face comparable challenges, and PrivIQ’s innovative framework offers an effective, efficient, and comprehensive solution to their data privacy concerns. If your organization is struggling with legacy tools and outdated processes, PrivIQ could be the answer to your data privacy needs.
If you want to find out how PrivIQ can help your organisation improve data privacy management, get in touch.