A leading apparel company operating across the U.S. and international markets engaged Myna to assess and optimize its existing OneTrust environment. The company was undergoing a reorganization that left the sole project stakeholder to manage various unknowns, including unclear ownership and responsibility, limited documentation on the OneTrust setup process, and a disorganized tenant spanning 5+ modules.
The stakeholder lacked a defined starting point and had previously engaged a consulting firm that delivered limited strategic value. Myna was engaged to bring specialized expertise in designing a clear structure, actionable recommendations, and a roadmap to improve efficiency across the company's security and privacy program. The engagement centered on strengthening key areas, including Data Mapping, Data Subject Rights (DSR), Consent Management, and Third-Party Risk Management (TPRM).

Our Approach
Myna began the engagement by executing a comprehensive OneTrust health check.
- First, Myna conducted meetings with the primary stakeholder to understand the goals of the health check and review the current OneTrust configuration across all modules.
- Next, Myna conducted a detailed assessment of existing program practices against industry best practices, identifying and documenting 46 possible enhancement opportunities to improve efficiency.
- Following the presentation of health check findings, Myna transitioned into a sustainment phase, working with the main stakeholder to prioritize roadmap items and providing insight on key decision points throughout sustainment.

Program Outcomes
- Strengthened compliance and achieved long-term efficiencies by streamlining DSR, Data Mapping, and TPRM processes, including user guides and playbooks to ensure consistency in ongoing maintenance.
- Improved the client’s dashboard and reporting for greater monitoring, visibility, and tracking of DSRs, privacy assessments, and security assessments.
- Recommended data minimization practices for DSR operations, reducing the collection of sensitive data and supporting a lower-risk identity verification process for data subjects submitting a DSR.
- Developed jurisdiction-specific data mapping questions to facilitate ROPA creation in alignment with upcoming U.S. state privacy laws and international regulations.