OneTrust Data Mapping for CCPA and GDPR 

As regulatory demands grow increasingly complex, organizations must prioritize robust data privacy compliance to protect their customers and maintain trust. For companies operating across multiple jurisdictions, adhering to regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) can be particularly challenging. When a leading travel and leisure company recognized the need to enhance its privacy compliance program, it turned to Myna for expert guidance and support in developing a comprehensive data mapping solution within the OneTrust platform. This case study outlines the steps taken by Myna Partners to address the client’s compliance challenges and the successful outcomes that were achieved.


introduction

Faced with the challenge of meeting CCPA and GDPR requirements, a travel and leisure company needed to enhance its privacy compliance program. Myna Partners previously LevelUP Consulting Partners stepped in to develop a comprehensive data mapping solution, integrated into the OneTrust platform, providing the company with greater visibility and control over its personal information management and compliance efforts.

THE CHALLENGE

A travel and leisure company needed to enhance the maturity of its privacy compliance program for the CCPA and GDPR. Myna Partners was engaged in supporting and documenting records of the collection of personal information, categories of data subjects involved in the process, specific data elements collected, purposes of collection and processing, internal and external data transfers, specific third-party recipients, and more.

Our Approach

Myna Partners facilitated workshops with the client’s subject matter experts to obtain and validate key details regarding the information life cycle across in -scope business units. Questionnaires and documentation reviews validated and supplemented the information gathered in these workshops. Additional working sessions were then performed to further identify and understand technologies, controls, and third-party relationships for in-scope business processes.

Program Outcomes

Myna Partners developed a Data Mapping registry, uploading it into the client’s OneTrust platform for ongoing maintenance and management by the in-house privacy team. This allowed the client to have a fully documented life cycle of personal information, giving them greater visibility and control in all flows of personal information, as well as the key third-party relationships, systems, and technologies used to support these business processes.