The privacy workflow is an expanded question-and-answer interfaces that helps privacy managers evaluate and document how each launch uses data. When a launch requires a privacy workflow, TerraTrue will use the Data Spec and your past launches to create a custom sequence of questions to gather insights about the projects and data practices associated with launch. Once a privacy manager completes the workflow, we provide them with a list of recommended actions, solutions, and safeguards. TerraTrue learns from your privacy workflows, so they'll get faster and smarter the more you use them.
Which laws does the privacy workflow cover?
The privacy workflow is designed for global privacy-by-design programs, but can also support region-specific laws. TerraTrue offers a growing range of privacy modules with dedicated workflows and detailed recommendations for specific laws — like CCPA/CPRA and GDPR. If you've enabled our GDPR module, for instance, you can document your bases for processing and we'll automatically identify when part of a launch requires a data protection impact assessment. You can enable modules in your org settings and, if you have specific privacy needs we don't cover, you can always create a custom workflow. If you'd like more information about how the privacy workflow is designed, contact us.
Completing the privacy workflow
Once the Data Spec is complete, you can begin the privacy workflow by clicking Begin Privacy Worksheet on the launch summary page.
If the Data Spec changes while you're working on the privacy workflow, we'll let you know how it changed and what to do next. You can also lock the Data Spec to prevent further changes.
The first page of the privacy workflow provides a quick overview of how the launch uses data. If you see anything that doesn't seem right — like an overly long retention period for a sensitive piece of data — you can make inline changes using the Edit button. We'll notify the person who completed the Data Spec that they'll need to revisit their work.
After the first page, the privacy workflow changes based on which modules you've enabled, the contents of the Data Spec, and any prior answers in the privacy workflow. If you're stuck on any of the pages, contact us or reach out to your customer success representative. For help completing DPIAs, LIAs, and PIAs in the privacy workflow, visit our article on privacy assessments.
On the last page of the privacy workflow, we provide a set of recommendations sorted by priority. Each recommendation has a checkbox you can use to track your progress. You can save the privacy workflow and revisit these recommendations at any time.
If you see issues you'd like to discuss with your product teams after completing the privacy workflow, tag them in a comment or message them with our Slack integration. The recommendations can only be viewed by users with the privacy workflow viewer or editor permissions.
When you're satisfied with your review of a launch, you can mark your review status as Complete on the launch summary page. We'll notify the launch creator, create downloadable PDFs of any privacy assessments you've completed, and add the launch's information to Privacy Central.