What makes TerraTrue such a powerful review tool is its ability to collect structured data. Our taxonomy questions, which are what primarily make up the Data Spec, allow users to select values from a dynamic list of taxonomy items. Your TerraTrue Taxonomy has 7 taxonomy types that all have their own customization hub in settings. Below is a list of the 7 types, along with some examples from TerraTrue's default taxonomy:
- Data Subjects: customers, prospects, employees, contractors
- Data Uses: build interest profiles, manage employee devices
- Data Types: email address, phone number, genetic information
- Data Regions (also called ‘Data Transfers’ in settings): Europe, United States, California
- Retention Periods: 7 days, account duration, indefinitely
- Third Parties: Amazon, Google, Mailchimp
- Launch Goals: develop new products, onboard a new vendor
These taxonomy items can all be configured with risk levels, SPI (Sensitive Personal Information) flags, custom branching logic, privacy modules, and more. The benefits include:
- More powerful reporting from multiple dimensions. Your reporting hub won't just be a spreadsheet of answers collected in a form. You'll be able to see the relationship between taxonomy items, such as the data types associated with specific data uses across all launches.
- The ability to create custom logic that fires based on taxonomy selections, or build conditional questions that appear after a certain taxonomy item is selected. For example, if business user indicates that the launch's data subjects are "Employees", you could configure additional questions to appear that clarify which internal teams or groups this launch pertains to.
- Built-in guidance that cites specific privacy laws, triggered based on taxonomy items selected. For example, selecting Europe as the region where data subjects are located would ensure the privacy reviewer can later record what the Bases for Processing are.
Here's another example: if a business user goes through a Data Spec and selects several high-risk data types for their launch, this might trigger a DPIA for the privacy reviewer once they begin their review. Or, if the business user indicates they are collecting a sensitive data type but are not collecting consent, TerraTrue would warn them against this.
Setting up your Taxonomy
When you first set up TerraTrue, we give you an out of the box taxonomy that’s fully populated with common values and triggers. Many of our customers only need to add a few custom types before they start creating launches, and then add new ones along the way. There is also the option to import your own list if you have one that’s maintained and ready to go.
Admins have the ability to edit, delete, or hide any of these items in settings at any time.
We’ll cover how to view reports on the taxonomies collected in more detail later, but for now, it’s key to understand that:
- A Launch contains a Data Spec, which is intended to collect key information about how data is being used
- Data Specs contain taxonomy questions that collect structured data and trigger personalized guidance for the business user and reviewers based on what’s been selected
- Once the Data Spec is complete and all reviews on the launch are completed, this structured data flows down to your reporting tools, such as your ROPA, where you can easily drill into the data types, uses, etc. that have been documented.
You can read more about how to customize your taxonomy here: Customizing TerraTrue's taxonomies.
Next, let’s focus on how you can design an intake process that collects all the key information you need.