EY Intelligent Privacy Automation (IPA)

The future of data privacy management

Growing privacy concerns and emerging data privacy regulations, such as EU General Data Protection Regulation (GDPR) and US California Consumer Privacy Act (CCPA), require companies to define and operationalize privacy policies, know the location and usage of all personal information and comply with specific regulatory requirements such as data subject rights, breach management and privacy impact analyses. Operationalizing and scaling regulatory compliance is almost impossible with manual and disjointed processes, or a siloed set of tools.  

Built on the ServiceNow platform, the EY Intelligent Privacy Automation (IPA) offering is configured to organizations’ unique business models, creating significant operational efficiencies, necessary compliance artifacts and risk management through enterprise reach, scalability and maximization of data to service multiple privacy functions. Included are accelerators that encapsulate EY’s industry-leading data privacy practices in a rapidly deployable, modular offering that leverages the ServiceNow platform to:

• Simplify and accelerate the operationalization of data privacy regulations including GDPR and CCPA
• Centralize, automate and scale data privacy governance and policy compliance
• Provide a unified, more automated request response to how personal Information is used and retained

How EY can help

The EY IPA offering includes six purpose-built ServiceNow accelerators to help operationalize data privacy compliance:

• Data subject rights — Enable comprehensive management including centralized intake via customized portal, integration with BigID, workflow orchestration and response staging,  leveraging a compliance rules engine
• Record of processing — Manage data collection, automated personal data type discovery, and data flow maps for critical business processes and systems involving personal data processing
• Data privacy impact assessment — Conduct privacy risk assessments and manage impact; risk acceptance, track remediation items and monitor privacy risks 
• Data privacy governance — Enforce “data privacy by design” by conducting regular audits and  assessments for processors, including vendors, to protect the rights and freedoms of data subjects
• Breach response — Manage major breaches that pose a high risk to the rights and freedoms of data subjects, and notify privacy authorities and subjects
• Consent management — Allow data subjects to provide specific consent for personal data usage and manage their choices

The EY IPA platform may reduce privacy impact assesment (PIA) and data subject request (DSR) processing times by up to 60% and 50% respectively (based on EY team’s privacy operational experience).