
Request for Data - Standard Operating Procedure

Summary / TL;DR: This article describes the standard operating procedure for data requests. The privacy team requires this approval process for all data requests, both to adhere to best-practice principles and to comply with our data protection laws and multiple IT security standards.

This process should be followed for all requests for data, including those made from outside our affiliate businesses, e.g. ECC, Accounting, etc.


How to request approval for data pulls


Accessing OneTrust and navigating to the Assessment Automation module

  1. Log into OneTrust via OneLogin and click on the OneTrust icon to open OneTrust.

     

  2. OneTrust is linked to Single Sign-On and will automatically log you in. Your OneTrust permissions have been assigned so that you can assign assessments only.

  3. Once in OneTrust, you will be directed to the welcome screen. Click on the “Assessment Automation Module” icon.

  4. NOTE: Your view of the welcome screen will not match the below, and you will only have access to the Assessment Automation module.


Launching a “Request for Data” assessment

  1. Once in the Assessment Automation module navigate to the left-hand menu and click on the “Assessments” icon

     

  2. In the “Assessments” tab, locate the “Launch Assessment” icon, which is a large blue button in the top right-hand area of the screen

     

  3. This will bring you to a new screen, where you will be asked to select a “Template” assessment to launch. This will always be the “Request for Data Assessment” template.

  4. Once the template is selected, a new screen will open with a number of fields to be completed to launch the assessment:

     

    1. Name: Apply the following naming convention: “Request for Data” followed by the “JIRA ticket number”. For example: Request for data PUBST-123456. This will make the assessment easier to locate once submitted and approved/rejected.

    2. Organization: Please choose the organization/affiliate business that raised the request for data from the dropdown menu. Note that all US businesses fall under Monument & Cathedral and all International businesses fall under Agora Holdings Limited.

    3. Launch Without Setting a Primary Record Field: Ensure this option is enabled by checking the box. When checked, the “Primary Record Type” option will disappear. If unchecked, you will be required to set a primary record for the assessment, which is not required at this stage.

    4. Respondent: Please input the email address of the recipient of the assessment here, i.e. the person who has raised the ticket. Please note, if this person already has a OneTrust account, their details will populate as you type. If not, ensure this field contains the full and correct email address for the person receiving the assessment.

    5. Assign section while launching this assessment: Please ensure this option is not enabled

    6. Approver: This field can be left blank as we have rules in the backend of the assessment that will auto-add an approver upon assessment submission.

    7. Assign approver workflow stages while launching this assessment: Please ensure this option is not enabled

    8. Show More Details: By clicking this option additional settings for the assessment will appear. The two relevant fields to be completed are the “Deadline” and “Reminder” fields

      1. Deadline: Please set the deadline for the completion of the assessment to “x” days after the assessment has been launched. The date entered here should be one that allows for the request to be completed within your current SLA for this type of request. Please note that the Privacy Team will review the assessment within 24 hours after the assessment has been submitted.

      2. Reminder: Please set a reminder email to be sent “x” days before the deadline date.

  5. Once all required fields are completed, the blue “Launch” button located in the bottom right-hand corner of the screen will highlight and you can now launch the assessment

     


How to verify if a request has been approved or rejected

You can check on the status of a OneTrust request by looking at the Stage field:

Assessments go through four stages:

Stage: Description

  Not Started: The respondent of the assessment has not answered any questions on the assessment and most likely has not started it at this point. All assessments will start in this stage.

  In Progress: The respondent of the assessment has answered some questions but has yet to submit the assessment for review.

  Under Review: The respondent has submitted the assessment for approval, but the assessment has not yet been reviewed.

  Complete: The assessment has been reviewed and either approved or rejected.

 




Wrap up

You should now know how to request approval from the privacy team when there is a request for data.
