Ten steps ahead of privacy regulation
GoFundMe’s culture centers on the idea of fundamentally doing right for others. When Gauri Manglik joined the team as the Deputy GC of AI, Privacy, and Product, she expanded this cultural idea into GoFundMe’s privacy practice, offering users far more than basic compliance to help grow brand trust and enable product innovation.
One of Manglik’s first priorities at GoFundMe was to evaluate the Data Subject Rights (DSR) process for efficiency improvements. As Manglik explained, DSRs are one of a company’s best opportunities to build users’ trust that their rights are honored.
With over 200 requests a month, processing requests manually was taking up the majority of the privacy team’s time, when Manglik knew they could instead be taking more proactive measures like updating internal procurement policies and providing internal trainings for long-term impact.
By implementing DataGrail, GoFundMe configured 30+ integrations offering end-to-end DSR automation through on-premise and cloud tools. Requests could now be completed faster than ever before, and the team’s time was spared to work ahead preparing for regulation changes as well as emerging considerations in the privacy space, such as AI governance.
Moving to a more efficient DSR process also helped GoFundMe standardize their privacy experience after acquiring the B2B organization Classy, giving users access to more resources without losing access to privacy rights.
Manglik centers empathy at the heart of her privacy practice. She explains that internally, this means being a true partner to other teams, taking the time to understand pains across the organization in order to help others value privacy as a business strategy.
In a past role, Manglik saw that keeping up with risk across the company’s tech stack was an extremely manual and time-consuming process for IT and Security teams. Manglik shared the System Inventory report generated by DataGrail Live Data Map. Leveraging DataGrail’s integrations, the team had instant insight into 500+ systems in use across the org, as well as the risk profile of each system. Plus, Manglik and her team could also generate a Record of Processing Activity (RoPA) for GDPR compliance as needed.
To support teams while effectively managing risk, Manglik launched cross-functional programs such as an AI Governance Committee. This initiative allows GoFundMe to embrace AI while working ahead of legislation, proactively completing AI risk assessments and providing mechanisms for users to opt-out of automated decision making technologies
A successful privacy program isn’t racing to catch up with new privacy legislation. A privacy leader should be planning for what’s next: to do this, Manglik recommends embracing an attitude of continuous improvement. At GoFundMe, she’s developed a privacy roadmap to signal to the company the value of working ahead and truly enacting privacy-by-design principles throughout their work.
Manglik also emphasizes the value of finding a true partner for data privacy. After working with DataGrail in prior roles, she was glad to discover that GoFundMe was also part of DataGrail’s community. Manglik recognized DataGrail as not only a technical partner for automating request management and data mapping, but as a team deeply knowledgeable on privacy that could truly partner on her vision.
GoFundMe was recognized as The Visionary in the 2024 Data Privacy Hero Awards.
Find out how DataGrail can
work for your business