In Ethyca, you can run reports to view all the information relating to your organization’s data flow map. This lets you carry out audits of the personal data that you’re currently processing or provide a paper trail for privacy law compliance.
Ethyca is cloud software that lets organizations easily manage all their data privacy requirements. It lets your team rapidly execute privacy tasks which would otherwise take many hours to complete. What’s more, its automation power removes all human error from the execution of these tasks – and people reviewing database tables row by row are very prone to mistakes!
In short: following the world’s privacy laws is made much quicker and much simpler with Ethyca. Oh, and your customers will love their privacy experience too. This has tangible impacts on your business’s bottom line.
The software consists of a front-end privacy center for your customers where they can file any privacy requests granted to them by data privacy law. This includes options to opt-in to “do not sell” agreements, update their consent preferences, or make requests to access, amend, or erase their data.
On the back-end, Ethyca has a number of features that help you create a powerful data management strategy. These include:
Ethyca helps you create a clear picture of how data privacy affects your organization and provides a seamless solution to address any potential gaps in your data privacy strategy.
But if that value doesn’t seem concrete enough, let’s talk time and money. Ethyca saves an SMB huge amounts of both in their efforts to comply with the privacy laws they are bound to follow. Per one recent study of businesses in the UK, it takes an average of 83 hours to complete a Data Subject Request in a business of 250+ people. The per-request cost of processing one of these requests amounts to an average of over $4,000. It should be clear that the only way to avoid crippling privacy management costs is to remove the person-hours from this process as much as possible via automation. That’s what Ethyca does.
What are these “Requests” we speak of? Simply put, your customers are entitled to make a series of requests of your organization relating to the data that you are processing about them. These are enforced by the leading data privacy laws across the globe such as General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD). Your organization is obliged to respect them. Ethyca helps you stay ahead of these obligations and capture the most value from your data management system.
Below is a list of the data subject rights imposed by GDPR, CCPA and LGPD which afford the customer certain entitlements that they can exercise by making a data subject request.
|• The right to be informed;
• The right of access;
• The right to rectification;
• The right to erasure;
• The right to restrict processing;
• The right to data portability;
• The right to object to processing;
• The rights in relation to automated decision making and profiling
|• The right to notice;
• The right to know;
• The right to delete;
• The right to data portability;
• The right to opt-out;
• The right to opt in (for minors);
• The right not to be subject to discrimination for the exercise of rights
|• The right to confirmation of the existence of the processing;
• The right to access the data;
• The right to correct incomplete, inaccurate or out-of-date data;
• The right to anonymize, block, or delete unnecessary or excessive data or data that is not being processed in compliance with the LGPD;
• The right to the portability of data to another service or product provider, by means of an express request;
• The right to delete personal data processed with the consent of the data subject;
• The right to information about public and private entities with which the controller has shared data;
• The right to information about the possibility of denying consent and the consequences of such denial;
• The right to revoke consent
The time frames by which an organization must complete a Data Subject Request along with relevant fines for violation according to the leading data privacy regulation.
|Time given to comply with Data Subject Request||30 Days||45 Days||15 Days|
|Maximum fine if right is violated violated||State bodies can be fined up to €1 million for failure to meet their obligations.
Multinationals can be fined up to €20 million, or four per cent of their previous year’s turnover.
|Unintentional violators can be fined up to $2,500 per individual affected, per violation.
Intentional violators can be fined up to $7,500 per individual affected, per violation.
|2% of a private legal entity’s, group’s, or conglomerate’s revenue in Brazil, for the prior fiscal year, excluding taxes, up to a total maximum of 50 million Brazilian reals.|
Your organization’s data privacy responsibilities need to be taken seriously, so you’ll need a robust and trustworthy system in place to get the job done right. Ethyca gives you the tools to do so, and those tools are designed to automate as much privacy management as possible. This lets you save valuable team hours and focus on the bigger privacy picture. Let’s take a deeper look at some of the functions that it automates for you.
Ethyca automatically creates a data inventory or map of your business’s data flow in real-time. This saves your team hours of effort with an instant, birds-eye view of your business’s data supply chain. Automated, dynamic data maps make addressing your customer’s privacy concerns simple, as they create a full picture of all of the personal data that your organization possesses. They also empower you to easily craft reports that are vital for regulatory compliance at fixed, minimal cost.
Data Subject Requests are one of the most important parts of modern privacy management. These are requests that your customers make to access their data, edit their data, or erase their data. You can view and respond to all of the Data Subject Requests that your business receives from a single control panel within Ethyca. This helps make light work of any Data Subject Requests that your team receives or, if your team prefers, no work at all, as Ethyca allows you to fully automate the process.
When a request comes from a customer, Ethyca scans all your different data systems to surface data related to the customer. Many businesses have 50 or more SaaS and owned applications storing user data, so you can imagine that it would take a long time to do this discovery manually! Once that discovery is done, Ethyca automatically identifies all data for a given user and generates a comprehensive, rapid response to any Subject Request at zero incremental cost to your team.
Sometimes a picture is worth a thousand words. Watch below to see how Ethyca manages Data Subject Requests:
An easy-to-use and easy-to-deploy consent management system helps you build user trust & leverage data with confidence. Users are more conscious than ever of the way their data is used by third-party apps, advertising platforms, and more. Privacy regulations require businesses to provide customers with controls for managing how a user’s data flows through these systems; without a solution in place, compliance risk is at stake and so are your marketing efforts.
Give up running social ads? No thanks! Want to minimize the risk of lawsuits and fines? Then you must have consent management systems in place.
Fortunately, Ethyca offers the most granular, comprehensive tools on market for making consent management easy. On the front-end, your customers can easily manage their data privacy preferences on your website at any time. On the back-end, Ethyca verifies the users identity, automatically transmits consent updates into every data system in your stack — and your advertising campaigns — while providing a clear audit trail to ensure compliance and minimizing reduction of your target audiences.
Ethyca integrates with your directory service to streamline access for different roles. This helps ensure that individuals within your organization only access the data that they’re supposed to. Permissions can be automatically determined based on privacy-compliant processing activities or manually assigned by a system admin if necessary. This means your teams can work uninhibited while still maintaining the highest standards of data privacy and security, with audit logs of any changes for your peace of mind.
As a legal must-have, Data Protection Impact Assessments require dedicated, reliable technology to be carried out efficiently. Ethyca streamlines the process by building DPIAs into the coding workflow and allowing them to be submitted via the command line. Impact assessments as code mean hours of back and forth email correspondence about a potential data risk turn into a single code-line command. Ethyca then automatically generates risk analysis reports for all processes, providing a comprehensive audit trail for regulators.
There are other tools that offer data privacy compliance solutions out there, but Ethyca goes deeper into your businesses tech stack – and consequently eliminates more of the manual effort – than any other tool on the market. Where other vendors may offer elaborate workflow tools to give a sense of thoroughness, we build all that thoroughness directly into our code, creating a user experience that’s streamlined, elegant, and still completely comprehensive for complying with privacy laws all over the world.
An effective privacy management strategy is fundamental for any modern business, and having the right tools to address your customer’s data privacy concerns efficiently is crucial. If you have any questions about data privacy management or about using Ethyca’s data privacy platform, please feel free to reach out and we’d be happy to help!
At Ethyca, we believe that software engineers are becoming major privacy stakeholders, but do they feel the same way? To answer this question, we went out and asked 337 software engineers what they think about the state of contemporary privacy… and how they would improve it.
The UK’s new Data Reform Bill is set to ease data privacy compliance burdens on businesses to enable convenience and spark innovation in the country. We explain why convenience should not be the end result of a country’s privacy legislation.
Our team at Ethyca attended the PEPR 2022 Conference in Santa Monica live and virtually between June 23rd and 24th. We compiled three main takeaways after listening to so many great presentations about the current state of privacy engineering, and how the field will change in the future.
For privacy engineers to build privacy directly into the codebase, they need agreed-upon definitions for translating policy into code. Ethyca CEO Cillian unveils an open source system to standardize definitions for personal data living in the tech stack.
Masking data is an essential part of modern privacy engineering. We highlight a handful of masking strategies made possible with the Fides open-source platform, and we explain the difference between key terms: pseudonymization and anonymization.
The American Data Privacy and Protection Act is gaining attention as one of the most promising federal privacy bills in recent history. We highlight some of the key provisions with an emphasis on their relationship to privacy engineering.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!Book a Demo