Nymity Attestor™ is a privacy management software solution that enables the privacy office to demonstrate accountability and compliance. Nymity Attestor™ enables organizations to report on the status of the privacy program - generating quantitative metrics supported by evidence - using the Nymity Data Privacy Accountability Scorecard™.
Multinational organizations across a large variety of industries use Nymity Attestor™ to:
- Prepare to demonstrate compliance with the EU General Data Protection Regulation (GDPR)
- Manage all aspects of the Binding Corporate Rules (BCR) process, beginning with readiness assessment, and throughout the implementation, application, and monitoring phases
- Measure and report on compliance with national laws, APEC Cross Border Privacy Rules, and other Rule Sources such as codes and regulations
- Engage with stakeholders throughout the organization, empowering them to manage privacy risk consistent with privacy office priorities and objectives
- Streamline independent monitoring and assessment activities such as internal/external audits
Report with Confidence
On-demand, powerful, and easy to interpret reports on the status of the privacy program, both at an executive level and at a detailed level. Reports are based on empirical data – offering both quantitative and qualitative analysis. Results are backed by evidence, empowering the privacy office to report with confidence.
Monitor Global Compliance
Nymity Attestor™ is powered by the Rules library within Nymity LawTables™, which is maintained by Nymity’s Research team, made up of privacy professionals dedicated to ensuring the Rules library is accurate and complete. Nymity’s team of privacy and data protection professionals add new laws and also continually update existing laws as they are amended, which is equally important.
- Privacy Officers who manage global privacy programs in any industry or sector
- Privacy professionals such as consultants and law firms who assist organizations with implementing privacy programs and complying with laws and regulations
Demonstrate Accountability and Compliance with Nymity Attestor™
Nymity Attestor™ features powerful reporting functionality – allowing the privacy office to either take a bird’s eye view of the privacy program, or drill down into the details. All of the data is empirical and can be adjusted to reflect the organization's unique risk profile and priorities of the privacy program, providing an accurate perspective in a transparent manner.
Nymity Attestor™ enables organizations to collaborate efficiently. Users throughout the organization answer simple ‘yes/no’ questions and provide supporting evidence.
Responsibility is distributed and, as a result, the privacy office has the bandwidth to monitor and interpret results rather than search for documentation, and the operational units are asked about what they do know (how data is handled) rather than to apply privacy expertise.
Accountability is an ongoing process and maintaining a privacy program requires proactive maintenance. Users must update their responses within the Frequency set by the privacy office. Otherwise, the response expires and the score automatically decreases. It also helps to maintain awareness and prevent a ‘mad dash’ to respond to an audit, DPA inquiry, or request from management.
Nymity’s Research team has analyzed over 550 Rule Sources (laws, regulations, codes), based on the Nymity Privacy Management Accountability Framework™. They have identified which Rules require Evidence and mapped them to the Privacy Management Categories whose activities are most likely to produce the Evidence.
The UK Data Protection Act has over 200 Rules, but only 31 require evidence. Save time by focusing on the parts of the law that require action, rather than definitions, rules establishing the powers of the commissioner, etc.
Nymity Attestor™ automatically maps the Evidence collected in the Accountability Scorecard™ to over 550 Compliance Rule Sources, based on 13 Privacy Management Categories. The privacy office then reviews the available evidence and determines if it satisfies the requirements, or identifies a gap which needs to be addressed.
Nymity places a great importance on the confidentiality, integrity, and availability of its customers' data.
Important security infrastructure notes about Nymity Attestor™:
- Your data is hosted in Canada
- Your documentation resides on your systems
- You’re in control of user administration
Assurance reports (AT 101 SOC 2 and ISO 27001 certification) are available for the hosting environment.
The following are example use cases that provide information on how organizations use Nymity Attestor™ and the justification necessary:
Compliance with the EU GDPR
Controllers and processors operating in the European Union are required to comply with the General Data Protection Regulation (GDPR) by early 2018. Nymity Attestor™ enables the implementation and demonstration of appropriate technical and organisational measures required for ongoing compliance with the GDPR.
Managing the Binding Corporate Rules Process
Organizations using Binding Corporate Rules (BCRs) as a cross border transfer mechanism must be prepared to demonstrate compliance not only with the BCRs but with applicable national law as well.
Demonstrating Compliance with Multiple Privacy Laws and Regulations
Identification of the specific legal requirements for demonstrating compliance to management, business partners, and Regulators has historically been a challenge, even for organizations that must only comply in a single jurisdiction.
Embedding Privacy throughout the Organization
In many organizations, the privacy office functions in an advisory role (sometimes referred to as “second line”) and is responsible for enabling the business (sometimes referred to as “first line”) to make decisions.
Reporting on the Privacy Program to a Variety of Internal and External Stakeholders
Most organizations have begun to realize that privacy is a critical business issue and must be managed strategically.
Supporting Monitoring and Assessment Activities such as SOC-2, Internal Audit
Many privacy programs utilize independent monitoring functions such as Internal Audit or independent attestation (e.g. SOC-2 Reporting).
Nymity Attestor Overview & Demonstration
The following are samples of the knowledge found within the Nymity Attestor™ Solution:
Accountability Over Time
Accountability is not a point-in-time status; it requires ongoing and proactive management of the privacy program. The Nymity Data Privacy Accountability Scorecard™ measures and reports accountability over time.
Evidence of Compliance
With Nymity Attestor™, evidence is automatically mapped to over 550 Rule Sources.
Demonstrating Accountability Workshop PDF
Nymity supports the implementation with a workshop to help the privacy office plan a strategy for demonstrating accountability and rolling out Nymity Attestor™ globally.
The following are frequently asked questions about the Nymity Attestor™ solution:
All implementations begin with a workshop, on-site at the customers’ offices. In the workshops, Nymity will share best practices and lessons learned from implementing Nymity Attestor™ at organizations across industries and around the world. The purpose of the workshop is not to train users on the software solution. The goal of the workshop is to teach you the Scorecard approach to demonstrating data privacy accountability and devise an effective strategy for a global rollout.
In addition to having direct access to Nymity’s Attestor Implementation Team, Nymity provides: user guides, which can be customized with your organization’s corporate slide format and implementation details; numerous free resources such as webinars, white papers, infographics, case studies, videos, etc. found on nymity.com; access to a network of other privacy officers who have participated in Demonstrating Accountability workshops; custom support such as training videos, further in person meetings, etc. (additional fee may apply)
On average, organizations complete the implementation phase within 6-8 weeks (this is to demonstrate accountability for the privacy office as well as one reportable unit). When this is the main priority, it can be accomplished in as little as 3 weeks, but for many privacy offices the need to manage multiple priorities and coordinate across time zones makes it difficult to accomplish that quickly.
Nymity will be pleased to provide demonstrations of the software within our sample organization; however, user trials are not available. Request a free demo.
The Rules library within Nymity LawTables™ has comprehensive coverage of privacy laws and regulations across the world. Nymity Attestor™ relies on the same data set but includes only those sections of the law which require you to demonstrate compliance with evidence. For example, the UK Data Protection Act has over 200 Rules (all listed in Nymity LawTables™) but only 31 require Evidence (listed in Nymity Attestor™). Nymity Attestor™ excludes things like definitions, establishing the powers of the commissioner, enforcement, etc. Nymity recommends that Nymity Attestor™ users also subscribe to Nymity LawTables™ and the Nymity Research™ solution in order to fully understand as well as demonstrate compliance with the laws.
Nymity Attestor™ is available as an annual subscription that is purchased for the organization, rather than by user. Nymity has observed that more users working in Nymity Attestor™ usually leads to greater success. Organization Administrators are trained to add and manage user permissions within the system.
Nymity places great importance on the confidentiality, integrity, and availability of its customers' data. All customer data is hosted in a secure data centre in Canada; it is not stored in the public cloud. Documentation resides on your systems – only metadata is captured for evidence. Assurance reports (AT 101 SOC 2 and ISO 27001 certification) are available for the hosting environment.
You are in control of user administration for Nymity Attestor™. Many users have found it to be a time-saving and efficient tool for collaboration with outside counsel and consultants.
No, Nymity does not offer consulting. We assist organizations in implementing Nymity Attestor™ and in using Nymity solutions to demonstrate accountability. This is a common question, as Nymity has a large team of privacy lawyers, former privacy officers, and compliance professionals. Nymity does get involved in custom research projects, typically with privacy and data protection authorities.
We do recommend that our customers work with law firms and seek help from consulting firms as well, but we do not refer specific lawyers, law firms, or consulting firms. Currently, over 70 law firms and large consulting firms are customers of Nymity.
Organisations operating in the EU will need to comply with the GDPR's requirements for documentation and for demonstrating compliance. The Nymity Attestor™ GDPR Add-on enables organisations to do so strategically, as opposed to an exercise in checking boxes.
Nymity Attestor™ is the leading solution for demonstrating data privacy accountability and compliance globally. The GDPR Add-on for Nymity Attestor™ includes an in-depth analysis of the 39 articles in the GDPR that require Evidence, and identifies the 55 privacy management activities which are mandatory for generating documentation to be used as Evidence. It also includes customisable questions which can be used to engage stakeholders throughout the organisation. Nymity Attestor™ then automatically maps the Evidence to the GDPR, enabling the privacy office to contextualise evidence in order to demonstrate compliance.
Nymity’s approach to demonstrating compliance with the GDPR is unique, and has been proven effective. Organisations around the world use it today to demonstrate compliance with Binding Corporate Rules, national laws, and other compliance requirements. Many have already begun using it to prepare for the GDPR. Unlike a traditional compliance assessment approach of checking boxes, it is proactive and strategic and results in the following outcomes:
- Privacy management is embedded throughout the organisation
  - The expectations set forth by the accountability measures in the GDPR require that the organisation can not only show the existence of a compliance privacy programme, but that the programme is actually operating as it is designed.
  - The GDPR Add-on for Nymity Attestor™ manages Evidence collected from stakeholders throughout the organisation – not just at the privacy programme level but also from operational units who are accountable for protecting personal data.
- The privacy office is able to contextualise Evidence based on context
  - Traditional compliance assessments seek to answer the question: are we compliant? They are based on a point in time and, usually, a limited scope. To effectively manage risk and enable ongoing compliance, the privacy office should seek to determine not only if the organisation is compliant, but how the organisation manages that compliance as well as privacy risk, alignment with business objectives, and ethics.
  - The GDPR Add-on for Nymity Attestor™ and the Nymity approach to demonstrating compliance are based on an accountability approach. That is, the organisation demonstrates its capacity to comply; it can show that there is an infrastructure in place to enable ongoing compliance.
- Evidence can be leveraged to demonstrate compliance with multiple compliance requirements
  - While the GDPR is top of mind for many privacy officers, global organisations don’t have the luxury of focusing only on the upcoming regulation. They must continue to maintain a global compliance programme.
  - The GDPR Add-on for Nymity Attestor™ enables the privacy office to efficiently coordinate compliance efforts by automatically mapping Evidence to over 550 laws and regulations as well as the GDPR.
- The privacy office is able to achieve more with limited resources
  - A study by the IAPP shows that over 28,000 data protection officers will be required by 2018 in Europe alone, and that there is a market shortage of qualified individuals. This is no surprise to privacy officers who are already faced with resource constraints. The best way to address this is to leverage existing resources: the individuals throughout the organisation who are already responsible for protecting personal data.
  - The GDPR Add-on for Nymity Attestor™ and the Nymity approach to demonstrating compliance expand the capacity of the privacy office by helping them to enable and empower individuals throughout the organisation to support compliance efforts.