OneTrust Data Mapping for CCPA and GDPR 

As regulatory demands become increasingly complex, organizations must prioritize robust data privacy compliance to protect their customers and maintain trust. For companies operating across multiple jurisdictions, adhering to regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) can be particularly challenging. When a leading travel and leisure company recognized the need to enhance its privacy compliance program, it turned to Myna for expert guidance and support in developing a comprehensive data mapping solution within the OneTrust platform.


The Challenge

This travel and leisure company needed to enhance the maturity of its privacy compliance program to meet CCPA and GDPR requirements. Myna stepped in to develop a comprehensive data mapping solution, integrated into the OneTrust platform.

Myna was tasked with supporting the documentation of the following key records:

  • The collection of personal information
  • Categories of data subjects involved in the process
  • Specific data elements collected
  • Purposes of collection and processing
  • Internal and external data transfers
  • Specific third-party recipients, and more

Our Approach

Myna facilitated workshops with the client’s subject matter experts to obtain and validate key details regarding the information lifecycle across in-scope business units. Questionnaires and documentation reviews were used to validate and supplement the information gathered in these workshops. Additional working sessions were held to further identify and understand technologies, controls, and third-party relationships supporting these business processes.

Program Outcomes

Myna Partners developed a Data Mapping registry and uploaded it into the client’s OneTrust platform for ongoing maintenance and management by the in-house privacy team. This provided the company with a fully documented lifecycle of personal information, giving it greater visibility and control over all flows of personal information, its management and compliance efforts, and the key third-party relationships, systems, and technologies that drive its operations.