Our client, a global health and nutrition company, engaged Myna to enhance their privacy program and optimize their Data Subject Request (DSR) process. They faced challenges as requests were being received through a “Contact Us” form, leading to limited tracking. The client aimed to streamline their approach through webforms in OneTrust’s Privacy Rights Automation (PRA) module.
This was the client’s second engagement with Myna. Previously, we had assessed their privacy program elements and provided specific recommendations for enhancing their use of OneTrust. At the time, the client had minimal information on which systems held customer data and who the system owners were, making it difficult to confirm if data subject requests were being fully honored.
OUR SOLUTION:
To address the client’s challenges, our team:
- Conducted stakeholder interviews to existing DSR process, pain points, and desired future state.
- Identified systems holding consumer data for each brand in scope and documented system owners, enabling clearing accountability for fulfilling requests.
- Designed and configured webforms and corresponding workflows within OneTrust’s PRA module for each individual brand to enhance the contact form and streamline request intake and routing with defined timelines and internal approval process.
- Delivered training sessions and user guides to support long-term operational sustainability.
Program Outcomes
- Streamlined Data Subject Requests intake process across 9 different brands.
- Enhanced visibility into systems holding customer data and their owners for each system and subtask within each brands workflow.
- Significantly improved overall process of actioning a request from 10 to 4 steps, including automating the verification of the data subject and time-based notifications to the subtask owners to maintain SLAs.
- Automated workflows reduced manual effort, making easier for the client to comply with the request in an organized and timely manner. Ensuring compliance with global regulatory requirements.
- A stronger foundation to their overall privacy program, enabling them to manage daily operations efficiently.
