Building Better RoPAs: How to streamline your RoPA and uncover AI risk

Elle Bond: Okay, cool. Excited to kick this one off. Thank you again, everybody, for joining. My name is Elle Bond. I am representing the product marketing team at DataGrow, and I am joined by Lisa Wang. Hey, Lisa!

Lisa Wang: Hi, everyone!

Elle Bond: Lisa is our Senior Product Manager of Live Data Map, and she'll be sharing a really nice demo with us today and walking us through really a streamlined way to create Europa and so much more.

Elle Bond: But before we get started, just wanted to talk about how timely this webinar is. You know, we're seeing a lot of conversations more and more around ROPAS lately, and that's because, you know, regulations are continuing to shift, and organizations are under more pressure to show exactly how they're using personal data. But the reality, really, for privacy teams is that, especially privacy teams that are leaner, building a ROPA is still this

Elle Bond: tedious, manual, and time-consuming task. And so today, we're really going to talk and show you more about how to create a streamlined ROPA. And we're going to talk about how you can build and maintain an accurate ROPA, but also how you can do so to leverage, or for a powerful foundation of identifying and managing AI risk across your organization. So we'll dig a little bit deeper there.

Elle Bond: But before we do, we wanted to just take a step back and think about Europaum.

Elle Bond: How would you say you use it today? What do you see the primary value as? Is it GDPR compliance? Is it risk reduction, operational efficiency? Or is it AI adoption? You'll see a quick poll pop up, and you guys can lock in your answers.

Elle Bond: Let's see, I'm starting to see some answers roll in.

Elle Bond: Okay, thumbs up if you guys can see it.

Elle Bond: Let's see… Okay, yeah, I'm getting thumbs up.

Elle Bond: Okay, cool.

Elle Bond: So, this is really interesting. I'll give you about 30 seconds.

Elle Bond: Oh, we got the results already.

Elle Bond: Okay, if you guys can see the results, what's interesting here is that some of you are thinking of EROPA mainly as a compliance or a legal requirement, and that makes sense because that's essentially where we started, right? Now, others are seeing it as this privacy management tool, and some of you are already thinking about it as a strategic enabler, especially for new initiatives like AI adoption.

Elle Bond: So, everyone was right here, there was no wrong answer, but the bigger picture here is that while your ROPA began as, like, this compliance checkbox, it has evolved from a legal requirement to a strategic asset for your organization, and that's what we're going to dig a little bit deeper into today.

Elle Bond: Now, just as a refresher, most of us know what EROPA is, but at its core, a record of processing activities really originated with GDPR Article 30, and there's really this strict definition of Article 30, but if we take a step back and we level up.

Elle Bond: In general, when you look at the components of EROPA, let's say you're collecting customer details at sign-up, or you're processing payments, or storing employee records, even sharing information with a third party. Now, EROPA is going to capture it all. It documents things like what data elements are involved, who owns the process, how long it's being kept, and why that data is being used.

Elle Bond: Who it's shared with, and also when it's deleted.

Elle Bond: So, in other words, when you think of a ROPA, it's really the single place where you can see the full journey of personal data throughout your organization. And what's most important here is that it's not just best practice. Under GDPR Article 30, organizations are actually required to maintain a ROPA.

Elle Bond: So, how do you leverage this compliance requirement that you have to do some every 180 days to the full benefit of your organization? Now, we can see from the poll that we just did a few minutes ago that many of us are still

Elle Bond: thinking of Europa as this once-a-quarter requirement, something that you do just to satisfy GDPR, and then you maybe tuck it away until the next time you need to use it. But in reality, Europa can be so much more.

Elle Bond: Now, if you leverage Europa the right way, Europa can be a strategic tool that actually accelerates your business and helps you reduce risk and the privacy impact of AI initiatives.

Elle Bond: So, for example, did you know that ROPAs aren't just for GDPR compliance? They're also a shortcut to responsible AI governance.

Elle Bond: Just for example, let's say you're a fintech company, and you want to roll out a new AI-powered customer support bot. Now, by using Europa, you can quickly map what sensitive data that AI would access.

Elle Bond: you could flag potential risks and get legal and security sign-off in a matter of days as opposed to months. Now, what could have been a blocker to this new initiative turns out to be an enabler for a faster launch with less risk.

Elle Bond: Or let's… a second example, let's say that you're a larger retailer, managing privacy compliance manually.

Elle Bond: Now, before you fully map your data, or once you fully map your data, Europa is going to become this living document that we talked about, and it's going to help you cut time on vendor risk assessments. Let's say in half. It cuts it in half.

Elle Bond: So now you have time to free up your privacy team to focus on higher-value projects instead of endless manual tasks.

Elle Bond: And lastly, let's say you're a healthcare SaaS platform, and you're using Europa to prove to enterprise buyers that your data processes are not only compliant, but transparent and accountable. Now, that trust from Europa becomes this differentiator, because you're already proven you're responsible with data right out the gate.

Elle Bond: Now, this is going to help you close big deals with buyers a whole lot faster.

Elle Bond: And so, what's the takeaway here?

Elle Bond: Now, when you don't understand how personal data moves throughout your organization, you can't accurately manage the risks that come with it, which is why Europa is so invaluable. So, with the right automated tools, Europa isn't just this file in your desk from Q2, it really becomes a living asset that actively drives value across your organization.

Elle Bond: But let's not beat around the bush. The reality is, ropes can be hard to build and maintain, but that doesn't mean that you shouldn't have one.

Elle Bond: And here's a reason why you shouldn't.

Elle Bond: Only 34% of organizations have fully mapped their data. Now, that means the overwhelming majority are still operating with major blind spots. And really, this isn't surprising, because some organizations even report that it can take 2 to 3 months just to document the detailed description of each process and activity. Now, if you know anything about ROPAs, that's just a small portion of building the ROPA.

Elle Bond: Now, to give you more context and to give you a complete picture here, trying to build Europa without mapping your data is like trying to build a home without laying the foundation.

Elle Bond: If you don't know where the ground is solid, or where the plumbing will go, and if you don't lay that concrete first.

Elle Bond: everything that you build on top of it will be unstable. Now, those blind spots can lead to thousands of undocumented cloud services within your business, and contribute to over $1 billion in privacy violations, which is actually a 10x increase from 2022, so we can see that this is growing with no let-up in sight as of today.

Elle Bond: Now, when you look at these fines, these fines aren't just accumulated from big tech. Enforcement actually is scaling across industries, and we've seen it recently with automotive.

Elle Bond: healthcare, social platforms, and various industries. Now, for example, there was a $600,000 fine to an auto manufacturer for misusing vehicle and driver data in violation of CCPA. There was also a recent fine of $600 million to a major social platform for transferring data overseas in violation of GDPR.

Elle Bond: So we know that these data risks, they're multiplying, and even more so with AI adoption. Now, when regulators come knocking, what's the first thing that they want to see?

Elle Bond: your record of process and activities. And if you don't have one that's accurate and up-to-date, we've already learned what the consequences can be.

Elle Bond: Now, putting all this together, we can see here that mapping your data

Elle Bond: and having a ROPA non-negotiables. And that's because without clear visibility into what data is being used and why, compliance starts to become this guessing game. And that guessing game can open the door to costly fines, as we can see, enforcement, and also reputational harm.

Elle Bond: Now, based on some recent Gartner research, organizations without strong data foundations risk struggling to scale AI securely. And this is true. You know, AI isn't magic. In some cases, it's only as reliable as the data behind it. And we know that data mapping is that foundation, right, of building that house that we just talked about. Well, the ROPA is also the blueprint to the house.

Elle Bond: And you can't add that second floor that you and your spouse have been dreaming of without knowing if the first floor can hold it, right? So in that same way, AI can't scale safely without a mapped, trusted foundation. And so, how do we establish one? Well.

Elle Bond: When you think of best practices for creating Europa, think of 4 separate steps.

Elle Bond: The first one is going to be, you want to understand your system landscape, and you do that by bringing all your SaaS and internal systems into scope. And because all these systems don't carry the same level of risk, you should prioritize high-risk systems, such as those processing sensitive data or AI-enabled tools for immediate ROPA inclusion.

Elle Bond: Now, your second step

Elle Bond: from your prioritized systems, you then want to map processing activities to their corresponding processing purposes. Now, this will help you to clearly document what each system does and why it's used. Now, that's going to help you to create the foundation for the rest of Europa.

Elle Bond: Now, once your primary processing activities are captured, this is really where you complete the required details of that Article 30 rule fund.

Elle Bond: In your third step, remember, a comprehensive ROPA includes, inclusion across your organization. So this is where you tap HR, IT, and your marketing and other departments to review relevant process and activities to ensure accuracy and completeness.

Elle Bond: And your final step.

Elle Bond: You know, Europa should be a living document, and as new systems and regulations continue to change, Europa quickly becomes outdated, which is why having an accurate, up-to-date ROPA is so crucial. And because of this, we recommend that you revisit Europa every 180 days to keep it current.

Elle Bond: Now, let's put this all together. Now, based on the best practices that we see here and we've discussed, really the key to success lies in choosing the right approach to execute these steps, and it usually comes down to 3 different options.

Elle Bond: The first, you can do it manually. Now, this is really where organizations begin their ROPA journey, but it presents a problem to privacy teams. Privacy teams that are already juggling hundreds of systems, each collecting data in different ways.

Elle Bond: Growing volumes of personal data, scattered processes, and of course, rising regulatory pressure.

Elle Bond: So then you layer in manual mapping that ultimately drains internal resources and adds endless stakeholder interviews. And let's not forget those evolving regulations we already discussed that make ROPA stale the moment that they're completed.

Elle Bond: And lastly, throw in shadow IT and AI tools, popping up everywhere throughout your organization, and it's no surprise why it's hard… why a team struggle to keep robust current, or they fall behind altogether with the manual approach.

Elle Bond: The second option, you could hire a law firm.

Elle Bond: Now, let's imagine that your team doesn't have the time or the manpower to put together a ROPA, so you pass it off to a law firm. You know, your head is in the right place, because it may be the most expensive option, but at least your team could sleep at night knowing that your ROPA is accurate and complete, right?

Elle Bond: Well, in many cases, that's often still wrong. You know, we've seen a lot in examples of a company that passes off their ROPA to a law firm, and the benefits, of course, are, you know, they're legal professionals, and they can pull it together quickly, and it's a compliance checkbox for the short term.

Elle Bond: But really, the downside is that most law firms don't have extensive experience in data privacy operations. And oftentimes, as a result, the robot that the teams spend upwards of $50,000 on are often incomplete, and in some cases, completely inaccurate.

Elle Bond: Now, why does this happen? It happens because law firms rely on employees across your business to provide the details they need. Now, these aren't… these are just application owners who are privacy… who aren't privacy experts, who don't always know what's relevant, and who can easily forget which systems to include.

Elle Bond: So even after spending a lot of money, your team can be left to piece together a fragmented view of your risk exposure. So what's your last option?

Elle Bond: Well, you can use a privacy platform, and this is really where automation and live data mapping comes into play. So instead of spending weeks pulling together a static ROPA, the right privacy platform really gives you a living, accurate, and continuously updated resource.

Elle Bond: And with our most recent launch, we really aim to make it easier to keep compliance current.

Elle Bond: And to help teams really build an automated AI-powered ROPA, one that you can leverage as a strategic business advantage. Well, how can you do that?

Elle Bond: Well, you can do that with a complete privacy automation platform like DataGrail, one that provides everything privacy teams need all in one place, all in one place, from data mapping to DSAR and consent management to risk assessments, all within a single platform.

Elle Bond: Now, privacy teams gain visibility, they gain control and automation that they want across their entire privacy program.

Elle Bond: Well…

Elle Bond: With our live data map capabilities, we help you to streamline the entire process by building and maintaining a complete system inventory using our patent system detection.

Elle Bond: And from day one, we help you to identify high-risk processing activities, even showing you whether or not they're using AI, so that you can flag and process it correctly without costly and unnecessary scans.

Elle Bond: And our AI agent and live data map really does the heavy lifting for you by automatically uncovering hidden personal data, surfacing systems, vendors, and data elements across your organizations through more than 2,400 integrations. So instead of relying on assumptions or stakeholder interviews to build Europa, you're working with real-time validated information.

Elle Bond: And lastly, your live data map, our live data map auto-recommends process and activities with pre-filled, relevant processes so that your team can document faster, stay accurate, and stay ahead of compliance. And what's the result for all of this?

Elle Bond: Well, you're not only audit-ready, but your privacy program is now built on an accurate continu… or built on accurate continuous insights, giving you confidence that your rover reflects exactly what's happening within your business.

Elle Bond: Now, essentially, live data map really replaces outdated manual methods that we already talked about with AI-driven data mapping. And as a privacy leader, when you think about the big challenge you face of how do you keep robust current without tying up internal resources, or how do you help your business stay compliant without getting stuck in long manual processes.

Elle Bond: Well, when we built on to Live Data Map, it was really with the goal of making it easier to see where personal data lives, how it's being used, and even how it flows through your business, including AI projects, without adding months of manual work.

Elle Bond: And as the privacy leader, this really is going to help you to enable your business to move faster, supporting new projects with confidence that privacy is accounted for, risks are identified, and compliance checks are current. So instead of slowing down projects, you're really enabling the business to move forward safely and efficiently.

Elle Bond: Now, we've talked a lot about what this can do, but I always think it's better to see it in action, so I'm going to pass it to Lisa to give us a demo.

Lisa Wang: Alright, hi everyone! Hopefully everyone can see my screen.

Lisa Wang: Elle, you wanna give me thumbs up?

Lisa Wang: Awesome.

Lisa Wang: Alright, so…

Lisa Wang: For those of you that are not familiar with Live Data Map, I'll do a quick introduction to, sort of, the different parts of our platform. So, as you can see here, within Live Data Map, we have our systems.

Lisa Wang: And this is going to be kind of your source of truth for your business applications, internal systems that you're using across your organization. We also have our processing activities, so as many of you know, this is kind of the, the foundation of our ROPA. And then, of course, data classification, right? So we have responsible data discovery as a tool that can help you pinpoint, specific data within your internal, internal systems.

Lisa Wang: We're not gonna walk through a comprehensive demo of all of the different parts of Live Data Map today. We're gonna focus on really helping you, build a record of processing activity within, within DataGrail.

Lisa Wang: All right, so, one of the hardest things, as Mel, as Elle touched on, about creating a data map or ROPA is really getting started, right? This can often take, you know, months of interviewing stakeholders, and so with LiveDataMap, we can help you create the foundations of a ROPA and a data map much more efficiently, as well as accurately. And how do we do this? So we start with integrating with your core application.

Lisa Wang: like your SSO, so, for example, Okta, Salesforce, Slack, Marketo, and we continuously discover business applications that may be connected to those core applications to give you a live and accurate view of all of the data and systems and use within your organization.

Lisa Wang: In addition to detecting your systems, we also provide critical risk

Lisa Wang: insights right off the bat. And so, as Elle mentioned, right, we, are able to give you critical insights around what personal data is likely being processed, as well as what systems are more likely to have, higher risk profile, whether it's they're likely, more likely to process sensitive personal information, as you can see here, as indicated by this

Lisa Wang: SBI chip.

Lisa Wang: And, you know, one of the things that our customers really, really care about and is top of mind right now is understanding AI usage across their organization, right? What systems have AI capabilities, AI sub-processors? And you'll see that we are surfacing these risk insights at the system level so that you can really prioritize your time and efforts on making sure that your high-risk

Lisa Wang: Systems and processing activities have the right protective measures in place.

Lisa Wang: And so let's walk through a quick example. So, again, AI has been top of mind for everyone, right? And so we've had a lot of customers, after, reviewing their initial systems list.

Lisa Wang: focus on, you know, what are some of the AI tools that we've detected as, having been being in use within their organization, right? So let's take Anthropic, for example. Once you click into, you know, a system profile, our AI agent has done a lot of the heavy lifting in terms of researching, what this tool is, some helpful resources, including their subprocessor list.

Lisa Wang: And from here, you can really start to assess, you know, what is the… what is the potential risk associated with the use of this AI system? So many of our customers will conduct a AI risk assessment to proactively address, you know, what are the purposes, you know, associated with using this tool, and making sure that we're proactively.

Lisa Wang: Looking at the data sources, right, that may be processed, and ensuring that the employees or the team members that are using this tool, are following the policy set up by your organization.

Lisa Wang: Recently, we've spoken to a couple of customers that also have gone through the ISO 27001 audit, and they mentioned that this was a great way to demonstrate that we're proactively surfacing, you know, new tools, as well as creating risk assessments to assess, you know, how these tools are being used, and making sure the right safeguards are in place.

Lisa Wang: So if we look at some other examples, right, again, we're focusing on tools that have the highest potential risk.

Lisa Wang: And so, of course, the processing of sensitive personal information is going to be top of mind, right? We want to make sure that, you know, for systems even like ADP, which is a common sort of HR benefits processing tool or payroll processing tool, it's very likely to process a lot of employee sensitive information, right? And so.

Lisa Wang: Focusing on where your highest risk systems are and what they're being used for is really what, Live Data Map is going to help,

Lisa Wang: Help you drive your limited time and efforts to making sure that all of those high-risk processing activities are captured within your record of processing activity, and that you're able to, you know, document any sort of risk assessments and proactive ways of managing the risk associated with the systems across your organization.

Lisa Wang: Now, moving on to your processing activities.

Lisa Wang: This… give me one second…

Lisa Wang: We're refreshing. Okay, looks like we have…

Lisa Wang: Okay, we're gonna keep going. So, moving on to our processing activities, we, it's critical, right, as part of creating Europa, to map out all of the processing activities within your organization. And this is often a very, very, difficult thing for our customers to do, right? This also involves sort of manual, conversations with stakeholders.

Lisa Wang: And a big part of how we're solving for that is through, automating that process through suggested processing activities.

Lisa Wang: I'm gonna quickly stop sharing, just to make sure, this is…

Lisa Wang: The product is actually showing…

Lisa Wang: Of course, live demos are, always, always fun. Give me one second…

Lisa Wang: Alright, bear with me. Of course, we're gonna run into…

Lisa Wang: Some last-minute issues. I'm just gonna pull up a new demo environment so we can walk through this together.

Elle Bond: And while Lisa's pulling that up, if you guys have any questions, feel free to drop them in the Q&A box, and we will try to answer them throughout the rest of the demo and the presentation. So thank you for your questions, we're gonna try to get to those.

Lisa Wang: Okay, all right, it looks like we are, having… having some issues across the platform. One second in our demo environment. So, I'm just gonna quickly talk through,

Lisa Wang: talk through our new processing activity capabilities. Let me just pull this back up.

Lisa Wang: I'm so sorry about this, … Alright.

Lisa Wang: Okay, you know what? We're gonna dive into our, internal demo environment, because this is gonna showcase our capabilities. Okay, we're back. Thank you all for bearing with me. Live demos are always fun. So, as I was saying, you know, processing activities, tend to be something that, again, is a very manual process to capture what's going on across your organization. And so.

Lisa Wang: What we've recently introduced is, suggested processing activities.

Lisa Wang: And this is really based off of, you know, some of the pain points that customers have shared with us in terms of having to manually research what systems are used for what, and what processing activities may be relevant.

Lisa Wang: And so we have our AI agent that's going to be researching, all of the common systems that you and I all use, right? Zoom, Rippling. And based on what those systems are commonly used for, we are going to recommend, processing activities, right? So, for example, if you take ADP,

Lisa Wang: or Workday, or Rippling, we know that those systems are commonly used for benefits administration, and so we're going to recommend that benefits administration be a processing activity that you may want to add and capture for Europa. And so, taking this model, right,

Lisa Wang: for example, payment processing, right? So we have a number of systems that we've detected that are likely used for payment processing, and so we're going to recommend that you add this processing activity. And so for some of the most common business processes within your organization, like HR, recruiting, IT, and security, we're able to automate the assignment of processing activities based on the systems that we've detected for you.

Lisa Wang: And in one click, you can really build out a pretty solid foundation of your processing activities and your data map. And we have a lot of customers, you know, in very niche industries, such as, you know, fintech or sports gambling.

Lisa Wang: And what that allows them to do is focus their time and effort on really adding sort of custom processing activities that are associated with their industry or their use cases that we may not be able to capture, right? So you're, again, focusing your time and effort on more of the strategic aspects of creating a robot, as well as, you know, capturing some of the details of processing that

Lisa Wang: we would not be able to know that you have the context and expertise to capture for Europa.

Lisa Wang: And so, after we've mapped out our processing activities, this is where we're going to dive into actually making sure that the record of processing activity is, up-to-date, and that you have all of the details that you need.

Lisa Wang: Jump back into full screen view.

Lisa Wang: So, for example, let's take, customer onboarding, right? So again, I'm working in a demo environment, so this isn't, this is, this is not going to be exactly what we planned, but, we're gonna walk through the features, and just bear with me, and please feel free to ask any questions, as well.

Lisa Wang: So for customer onboarding, let's say we've assigned a number of systems associated with customer onboarding, based on our processing activities that we've suggested, and some things that maybe you fine-tune. And on the ROPA tab, you'll see all of the details, for a record of processing activity that you'll need to capture.

Lisa Wang: And so, with any systems that you have added to this customer onboarding robot, we're going to pre-fill as much information as we can, based on what we know about those systems, right?

Lisa Wang: again, we are in my, my internal demo environment because we had to pivot, but for data subjects or personal data categories, right, you're going to have, information that the AI agent has completed in terms of research, on the systems, and we're going to pre-fill as much objective information as we can for you, so that you can focus, again, most of your time and effort

Lisa Wang: on refining the details of your record of processing, and maybe adding things such as, you know, determining the legal basis for processing, right? So, we're going to do a lot of the heavy lifting for you so that you can focus more of your time

Lisa Wang: On refining the details, of all of your, all of your processing activities and, the, the necessary information you need.

Lisa Wang: And then, of course, we know that collaboration is a big part of, managing, and maintaining a record of processing activity, so there's a couple of different ways that you can contrib… add contributors and collaborate on EROBA, one of which is going to be adding contributors directly to a specific record of processing activity. So, for customer onboarding, maybe you want to add

Lisa Wang: some folks from your CS team. Maybe you want to review this with your stakeholders within your organization. You can send an email, you add the contributor's email, and we are going to just send them a copy of this specific customer onboarding robot for them to review. Without having to access Datagrail, they're able to help, and contribute

Lisa Wang: to this robot.

Lisa Wang: And then, after we, …

Lisa Wang: After, after you've had a good sense of the information that you want to capture.

Lisa Wang: You can also download a PDF of this record of processing activity, and this is also another way for you to share this out with stakeholders for review, or your customers, or vendors. You can do this by specific

Lisa Wang: processing activities, so individual processing activities. We also, have the CSV export of all of your processing activities within, you know, a CSV exportable format that you can refine and format to really meet some of your specific formatting needs, or adding, you know, your internal

Lisa Wang: formatting requirements as well. All right, we're gonna dive into some questions here. I know that…

Lisa Wang: There's a number of, different… Questions that are coming in.

Lisa Wang: are client records ever used to improve the AI model? Okay, Kendall's already addressed that. Yeah, so we are, …

Lisa Wang: We are training, our AI model, on publicly available information, to detect, basically do the research around what systems are, commonly used for, their processing activities.

Lisa Wang: and, you know, some of their AI capabilities as well, right? So every 6 months, we're going to be running a, a refresh to help capture any new information on, you know, commonly used applications.

Elle Bond: I'll pull some questions for you, Lisa. Another question that we got is, how is the agent assessing those systems? Assume it would need read access to all your systems.

Lisa Wang: So, as I was saying, the way that we, our AI agent is conducting this research is actually on publicly available information. So think, you know, the, the actual, you know, blogs, websites, available to better understand, you know, what are the different types of use cases and common processing activities that that system is used for.

Lisa Wang: So, we're not necessarily needing access to, to your systems.

Lisa Wang: We do have responsible data discovery, so for highly configurable systems and, internal databases where, again, we would need to scan your systems to pinpoint the specific data that's being processed, that's a separate, capability that we have, and we will, we will need to

Lisa Wang: Basically get… work with you and your team, to run the scans for those internal databases.

Elle Bond: Okay.

Elle Bond: And then we had another question from David. He said, so is this… is our webinar mainly about using AI to do data mapping, not using AI to look at AI activities within your organization? And so we've covered both. I did go and answer that question. If you joined a little bit late, at the very beginning, we talked about leveraging a data map and the use of AI, and then later on.

Elle Bond: Using your robot to give you visibility into where AI is being used within your organization.

Elle Bond: So let's see… Any other questions that we may have missed?

Lisa Wang: Yeah, on that note, one of the things that we're actively working on in terms of improving

Lisa Wang: your ability to assess different types of AI capabilities across your system inventory. Our team is actually actively working on improving, sort of, that AI-detected, AI-detected feature, where we're gonna give you more specific descriptions of how a particular tool or vendor is using AI. So, being able to actually show description to say, you know, this tool

Lisa Wang: we know that this tool is using, is training a model using customer information to determine, you know, X, Y, and Z. Or, actually, this tool has a feature that has Gen AI capabilities, right? So there's a lot of different types of AI usage that I know our customers are really keen on understanding, and so we're actively working on a feature enhancement there where we can actually give you a

Lisa Wang: more specific description of, how, tools are different… different tools are using AI within,

Lisa Wang: Within, within scope, yeah.

Lisa Wang: Hopefully that also gives you a little bit more, color on where we're going.

Elle Bond: And our last question we have, Lisa, Courtney asked, how do you manage retention of ROPA records, and what happens when your organization stops using… or when an organization stops using your service?

Lisa Wang: That is… that's a great question. So we, as I mentioned, there's a lot of different ways that we can export, and, and document, sort of, your, your data map, right, over time. I know that inter… internally, right, customers are constantly, going through different tools.

Lisa Wang: Some tools may, may be archived, but you'll still be able to maintain a historical record within LiveDataMap on, you know, the record of processing, and the details of that system. So that information we can help retain over time, and I know that one of the things that our customers are asking for is actually having sort of a separate kind of archived record

Lisa Wang: Of, of their systems that, you know.

Lisa Wang: They still want to be able to see, but it's kind of not part of their live data map in terms of their ongoing management.

Lisa Wang: And then, you know, as we think about, different ways to, you know.

Lisa Wang: export the details of your record of processing activities. There's different, use cases that our customers have mentioned, so you can export your data map, as I mentioned, in a CSV, to PDF format as well, if you want it to be more of a, individual record of processing activity. So there's a lot of different ways that, you know, our customers can go about sharing this information, retaining

Lisa Wang: the records, and, you know, we're going to continue to build out different ways to help manage the different use cases there.

Elle Bond: Okay, awesome. We did get some really good questions, and, I'm going to…

Elle Bond: like, pivot over, let's see. Lisa, if you can see my screen, you want to share with us about Populo?

Lisa Wang: Yeah, yeah, so, you know, we've been working very closely with Populo on, getting their ROPA, stood up, and with the recent release of

Lisa Wang: our suggested processing activities. I think this was a really big game changer for them in terms of very quickly mapping out the core processing activities across

Lisa Wang: Their organization so that, again, they can focus

Lisa Wang: most of their time and efforts on adding, you know, the specific use cases, related to their organization, right? So they're a, you know, communications SaaS platform, and so there's a lot of nuance to the different processing activities within their organization.

Lisa Wang: And so, this new feature has been able to really get their record of processing activity, really the foundations of that put together much more quickly. So, just a great example of, you know, a customer that we've been working with very closely that's seen the benefits of some of the automation that we were able to provide.

Elle Bond: Awesome.

Elle Bond: And lastly, we wanted to first thank everybody for all the questions in the Q&A, which is super awesome, and thank you for joining our webinar today. Hopefully, you got some really good insight today about ROPA usage. And before you leave, you're going to get a survey, or if not after, to just give us some insight about your experience with this session today. And if you're interested in learning more about DataGrow, let us know in the survey, and we would love to have

Elle Bond: Someone reach out to you.

Elle Bond: Thank you, everybody.

Lisa Wang: Thanks, everyone!