Model Contract Clause Privacy Assessments
Ensure your Business Operations are Compliant with your Model Contract Clauses


Model Contract Clause Privacy Compliance


Powered by TRUSTe Assessment Manager


MODEL CONTRACT CLAUSE ASSESSMENTS


If you are using Model Contract Clauses as your EU Data Transfer Compliance mechanism, you need to ensure you can demonstrate your business operations and privacy practices are actually consistent with the clauses.

Our Global Privacy Solutions (GPS) team works with companies to conduct a Model Contract Clause Assessment for compliance against EU Data Protection Directive 95/46/EC requirements as part of the due diligence and accountability obligations under the Model Contract Clause regime. Benefits include:

  • Accountability–on–demand to demonstrate to regulators that compliance mechanisms and operational components are in place to complement Model Contract Clause execution
  • Rapid and streamlined process implementation, in as quickly as one week, by leveraging any work already performed under the original EU-US Privacy Shield program and the workflow benefits of TRUSTe Assessment Manager technology
  • Competitive advantage by being first to assure business partners that your company has reviewed and assessed policies and practices for compliance and risk mitigation
  • Centralized SaaS-based repository of compliance evidence available to you on Assessment Manager throughout the year, including full technical support, to update your assessment for new information and business changes

ACCOUNTABILITY & DUE DILIGENCE OBLIGATIONS


Under the Model Contract Clause regime, a company under contract “agrees and warrants” that the transfer and processing will be carried out in accordance with the relevant provisions of the applicable data protection law and does not violate the relevant provisions of the state.

As such, companies must be able to demonstrate compliance. TRUSTe can assess against compliance with the EU Data Protection Directive 95/46/EC, along with additional requirements stated under Model Contract Clauses. If a company has an existing assessment under the original EU-US Privacy Shield program, TRUSTe can streamline the process by leveraging existing work as there are common requirements under both regimes.

Though not exhaustive, the following is a small sample of controls that must be in place to demonstrate compliance:


  • Limit information collection as specified in Privacy Notice
  • Use personal information only for specified purposes
  • Verify accuracy and completeness of individuals’ personal information
  • Make updates to personal information as required to fulfill purposes for which the information is used
  • Limit collection to information that is reasonably necessary to carry out purposes for which it was collected
  • Authenticate individuals’ identity before granting access to information the organization holds about them
  • Provide Privacy Notice prior to collecting personal information
  • Inform individuals of data transfer and processing of personal information
  • Provide identity of data controller and contract info
  • Obtain consent for direct marketing communications
  • Verify whether third party sub–contractors and sub–processors have consistent practices
  • Provide individuals clear and conspicuous mechanism to request access or deletion of their personal information, consistent with how individuals interact with the organization
  • Describe information disclosure and sharing practices in Privacy Notice
  • Notify the data subject of the existence of the right of access to and right to rectify the data
  • Describe the process for an individual to access personal information in Privacy Notice
  • Implement procedures by which individuals may determine whether the organization holds information about them
  • Provide individual confirmation inaccuracies have been corrected
  • Submit data processing activities for audit by contracting organization or legal authority

The Model Contract Clause Assessment process can be completed as quickly as one week and take approximately 4 to 6 hours of your team’s time, including time dedicated to documentation gathering, reviewing your Findings Report, and discussing any gaps and remediation recommendations. You should also plan some time to take any recommended steps to update your existing privacy program and supporting documentation as needed.

Assessment Features


Discovery & Assessment

The TRUSTe team will provide you with instant access to the Assesment Manager SaaS-based platform and will walk you through the Model Contract Clause Assessment. This is based on approximately 86 questions testing against specific controls necessary under the EU Data Protection Directive and Model Contract Clause regime. With the assistance of Assessment Manager’s built-in regulatory intelligence, we will conduct a comprehensive assessment.

Tracker Scanning

TRUSTe will apply proprietary scanning technology to the applicable digital properties providing insight into personally identifiable information (PII) data collection, first and third party trackers on your property, and level of risk through the Privacy Sensitivity Index (PSI).

Findings Report

We deliver a Findings Report that includes a summary of requirements that are met, along with gaps and recommended action items. This provides clearly defined steps so you can direct resources and swiftly implement a Model Contract Clause program.

Ongoing Guidance

TRUSTe privacy experts provide policy guidance and advise on how best to package documentation to demonstrate that compliance mechanisms are in place.

Searchable Audit Trail

All of your assessment work and supporting documentation is available in a central repository for you to easily search, providing you with a way to respond to inquiries and demonstrate compliance for internal / external audits.

Dispute Resolution

TRUSTe provides a third-party dispute resolution service, which helps you efficiently manage privacy inquiries from customers, and addresses the dispute handling requirements of globally recognized privacy frameworks.

TRUSTe Privacy Feedback Button

We provide you with external demonstration to consumers, business partners and regulators that your company uses TRUSTe technology and tools to manage privacy related questions or concerns. The Powered by TRUSTe Privacy Feedback Button may be placed on your digital Privacy Policy page and links to a mechanism for consumers to submit questions or feedback.

Privacy Feedback

TRUSTe Technology Platform

TRUSTe Assessments and Certifications are powered by TRUSTe Assessment Manager, our innovative SaaS technology solution that provides state of the art interactive compliance review, centralized on-demand reporting, searchable audit trails, and much more.


TRUSTe Advantage

TRUSTe offers privacy program development and guidance, plus the people and technology to implement and sustain it. Our comprehensive solutions can help you build a world class privacy program that meets your compliance and risk objectives. Here’s more about our people, process, and technology:

People


TRUSTe Privacy Solutions are delivered by a team of Privacy Consultants and Analysts, who are recognized data privacy leaders with significant experience using the proven TRUSTe methodology at every stage of an organizations’ privacy maturity. The TRUSTe team has helped companies of all sizes develop and implement privacy programs by using their privacy, legal, technology, business, and project management experience. The team includes licensed attorneys who have helped globally recognized brands put privacy processes into place. Our Analyst team has completed thousands of privacy assessments and certifications, giving them unrivaled experience. Likewise, our Consultant team has work experience at global brands covering all major industries, such as: Citrix, eBay, Intuit, and Unilever.

Process


For nearly 20 years TRUSTe has refined its methodology to address new and existing laws, regulations, and standards to be efficient yet comprehensive. Additionally, our best practice standards are based upon helping thousands of organizations with privacy, at all levels of privacy maturity. The combined team expertise from former DOC staffers to former Chief Privacy Officers helps organizations meet requirements while keeping in mind practical business considerations.

Technology


The TRUSTe Data Privacy Management (DPM) Platform was developed to solve a market problem that our own team members faced while working at organizations like yours – how to efficiently develop and operationalize privacy programs. This award winning SaaS solution solves that problem by providing tools such as interactive compliance reviews, cookie consent management, and website tracker scanning. The DPM Platform can be purchased standalone, or packaged in a managed service delivery option.

TRUSTe Assessment Manager video

What Clients are Saying

“This is a great tool! We can easily manage our tasks here and we can move things along easily.”

Tony Leete, Infrastructure Manager of Assessment and Analytics, PowerSchool Group LLC |

What Our Customers Say


TRUSTe powers privacy compliance and risk management for over 1,000 companies around the world.




Resources




TSJ9MCMO-573,H48CZLZ4-566,WN1OHNKM-577,5NEW5288-516,MIZA0IPY-515,57RW57NU-544,9OK12WJ9-538,Y24DQDIZ-568

For additional resources, please visit our resource center.