Data protection and privacy requirements have grown increasingly complex and while there is no substitute for a comprehensive privacy programme staffed by a knowledgeable and multidisciplinary team, there are increasingly more opportunities to enlist the help of software tools.
All three companies reviewed here, offer their own custom API and set of automated tools designed to integrate with a company’s existing technology stack, providing real-time data mapping insights, automate data subject access requests (DSARs) and consent management:
Based in San Francisco, DataGrail aims to “deliver a single place to manage your privacy program.” It uses an API integration paired with a user-facing dashboard for organisations to monitor their processing activities and follows a “detect, map, authenticate, automate” set-up with a dashboard for “data mapping and discovery, data subject requests and consent and preference management.” The platform comprises three services:
- live Data Map
- Request Manager system
- Preference Card
The Data Map provides real-time feedback on data flows and changes by integrating with an organisation’s associated data systems. These systems are then classified for easy tracking and automatically updated dynamically when changes are detected. This essentially automates the RoPA process. The Request Manager system automates DSARs, while the Preference Card is a central customer hub for “consent and email preferences.”
DataGrail may be a good option for organisations in earlier stages of growth that may already have a good grasp of their data flows. For larger companies with high amounts of historical data and that might be lacking uniform transfer protocols, it may not be realistic to use DataGrail’s tools.
Transcend offers a similar value proposition to DataGrail with an automated suite of tools although it is more developer focused. It has robust technical documentation and is clearly designed to be customised by in-house engineering to meet their own demands and scale. Its key features are:
- A vender data deletion API, allowing one to erase (and access) personal user data across all vender systems
- A privacy request infrastructure, which uses their API to automatically fulfil access/erasure requests and consent changes across every data system and every vendor
- A privacy centre that provides end-users with a “fully-branded self-serve portal that automates secure authentication, all necessary interactions and data return”.
Transcend’s API also encrypts inbound data so that they never see the raw information data of their users. This is their “zero-trust” claim.
Transcend is best suited for mid- to large-sized companies that receive a large amount of data subject requests. Because the products are more technical than other available options, an organisation considering Transcend should have buy-in from the technical/developer side of the business. A traditional compliance or legal department would have difficulty implementing Transcend’s tools.
Ethyca has a broad platform and includes a robust, visual admin dashboard. It seeks to cover privacy issues and pipelines in an understandable and accessible way by organising their products as follows:
- Real-time data mapping
- Automated subject requests
- Consent management
- Subject erasure handling
- Pre-built report templates
- Go-forward compliance
Ethyca provides a wide array of solutions but may not have the depth or technical capacity offered by Transcend or DataGrail. Therefore, it may be best suited to organisations that are looking for an introduction to data privacy and prefer a software tool with a lighter touch.
Having worked with clients in different industries, of varying size and with a range of priorities, HewardMills provides tailored, independent advice on which products may be suitable for your business.