Nymity Attestor™ is a privacy management software solution that enables the privacy office to demonstrate accountability and compliance. Nymity Attestor™ enables organizations to report on the status of the privacy program - generating quantitative metrics supported by evidence - using the Nymity Data Privacy Accountability Scorecard™.

USES:

Multinational organizations across a large variety of industries use Nymity Attestor™ to:

  • Prepare to demonstrate compliance with the EU General Data Protection Regulation (GDPR)
  • Manage all aspects of the Binding Corporate Rules (BCR) process, beginning with readiness assessment, and throughout the implementation, application, and monitoring phases
  • Measure and report on compliance with national laws, APEC Cross Border Privacy Rules, and other Rule Sources such as codes and regulations
  • Engage with stakeholders throughout the organization, empowering them to manage privacy risk consistent with privacy office priorities and objectives
  • Streamline independent monitoring and assessment activities such as internal/external audits

Key Benefits:


Report with Confidence

On-demand, powerful, and easy to interpret reports on the status of the privacy program, both at an executive level and at a detailed level. Reports are based on empirical data – offering both quantitative and qualitative analysis. Results are backed by evidence, empowering the privacy office to report with confidence.


Monitor Global Compliance

Nymity Attestor™ is powered by the Rules library within Nymity LawTables™, which is maintained by Nymity’s Research team, made up of privacy professionals dedicated to ensuring the Rules library is accurate and complete. Nymity’s team of privacy and data protection professionals add new laws and also continually update existing laws as they are amended, which is equally important.

Ideal for:

  • Privacy Officers who manage global privacy programs in any industry or sector
  • Privacy professionals such as consultants and law firms who assist organizations with implementing privacy programs and complying with laws and regulations

Demonstrate Accountability and Compliance with Nymity Attestor™



Powerful Reporting

Nymity Attestor™ features powerful reporting functionality – allowing the privacy office to either take a bird’s eye view of the privacy program, or drill down into the details. All of the data is empirical and can be adjusted to reflect the organization's unique risk profile and priorities of the privacy program, providing an accurate perspective in a transparent manner.


Efficient Collaboration

Nymity Attestor™ enables organizations to collaborate efficiently. Users throughout the organization answer simple ‘yes/no’ questions and provide supporting evidence.

Responsibility is distributed, and as a result the privacy office has the bandwidth to monitor and interpret results rather than search for documentation, while the operational units are asked about what they do know (how data is handled) rather than asked to apply privacy expertise.


Stakeholder Engagement

Accountability is an ongoing process and maintaining a privacy program requires proactive maintenance. Users must update their responses within the Frequency set by the privacy office. Otherwise, the response expires and the score automatically decreases. It also helps to maintain awareness and prevent a ‘mad dash’ to respond to an audit, DPA inquiry, or request from management.




Global Compliance

Nymity’s Research team has analyzed over 550 Rule Sources (laws, regulations, codes), based on the Nymity Privacy Management Accountability Framework™. They have identified which Rules require Evidence and mapped them to the Privacy Management Categories whose activities are most likely to produce the Evidence.

The UK Data Protection Act has over 200 Rules, but only 31 require evidence. Save time by focusing on the parts of the law that require action, rather than definitions, rules establishing the powers of the commissioner, etc.


Nymity Attestor™ automatically maps the Evidence collected in the Accountability Scorecard™ to over 550 Compliance Rule Sources, based on 13 Privacy Management Categories. The privacy office then reviews the available evidence and determines if it satisfies the requirements, or identifies a gap which needs to be addressed.


Secure Infrastructure

Nymity places a great importance on the confidentiality, integrity, and availability of its customers' data. Important security infrastructure notes about Nymity Attestor™:

  • Your data is hosted in Canada
  • Your documentation resides on your systems
  • You’re in control of user administration

Assurance reports (AT 101 SOC 2 and ISO 27001 certification) are available for the hosting environment.



The following are example use cases that provide information on how organizations use Nymity Attestor™ and the justification necessary:

  1. Compliance with the EU GDPR
    Controllers and processors operating in the European Union are required to comply with the General Data Protection Regulation (GDPR) by early 2018. Nymity Attestor™ enables the implementation and demonstration of appropriate technical and organisational measures required for ongoing compliance with the GDPR.


  2. Managing the Binding Corporate Rules Process
    Organizations using Binding Corporate Rules (BCRs) as a cross border transfer mechanism must be prepared to demonstrate compliance not only with the BCRs but with applicable national law as well.


  3. Demonstrating Compliance with Multiple Privacy Laws and Regulations
    Identification of the specific legal requirements for demonstrating compliance to management, business partners, and Regulators has historically been a challenge, even for organizations that must only comply in a single jurisdiction.


  4. Embedding Privacy throughout the Organization
    In many organizations, the privacy office functions in an advisory role (sometimes referred to as “second line”) and is responsible for enabling the business (sometimes referred to as “first line”) to make decisions.


  5. Reporting on the Privacy Program to a Variety of Internal and External Stakeholders
    Most organizations have begun to realize that privacy is a critical business issue and must be managed strategically.


  6. Supporting Monitoring and Assessment Activities such as SOC-2, Internal Audit
    Many privacy programs utilize independent monitoring functions such as Internal Audit or independent attestation (e.g. SOC-2 Reporting).




The following are samples of the knowledge found within the Nymity Attestor™ Solution:

Accountability Over Time

Accountability is not a point-in-time status; it requires ongoing and proactive management of the privacy program. The Nymity Data Privacy Accountability Scorecard™ measures and reports accountability over time.




Evidence of Compliance

With Nymity Attestor™, evidence is automatically mapped to over 550 Rule Sources.


Demonstrating Accountability Workshop PDF

Nymity supports the implementation with a workshop to help the privacy office plan a strategy for demonstrating accountability and rolling out Nymity Attestor™ globally.

Accountability Snapshot

Current Accountability score per Privacy Management Category, including risk-based weighting that is customized for each Reportable Unit.




Engagement with Stakeholders

Individuals responsible for privacy management activities throughout the organization answer yes/no questions, provide comments with additional detail, and point to evidence that supports the attestation.




The following are frequently asked questions about the Nymity Attestor™ solution:

What support is available to me in implementing and using Nymity Attestor™ to demonstrate accountability and compliance?
How long does it take to Demonstrate Accountability?
Is there a free trial available for Nymity Attestor™?
If I subscribe to Nymity Attestor™, do I also need the Nymity Research™ solution or Nymity LawTables™?
How do licenses/users work?
Where is the data stored? Is it secure?
May my law firm/consulting firm login to the system?
Does Nymity offer consulting?
Does Nymity promote or recommend law firms or consulting firms?

Organisations operating in the EU will need to comply with the GDPR's requirements for documentation and for demonstrating compliance. The Nymity Attestor™ GDPR Add-on enables organisations to do so strategically, rather than as an exercise in checking boxes.

Nymity Attestor™ is the leading solution for demonstrating data privacy accountability and compliance globally. The GDPR Add-on for Nymity Attestor™ includes an in-depth analysis of the 39 articles in the GDPR that require Evidence, and identifies the 55 privacy management activities which are mandatory for generating documentation to be used as Evidence. It also includes customisable questions which can be used to engage stakeholders throughout the organisation. Nymity Attestor™ then automatically maps the Evidence to the GDPR, enabling the privacy office to contextualise evidence in order to demonstrate compliance.

Nymity’s approach to demonstrating compliance with the GDPR is unique, and has been proven effective. Organisations around the world use it today to demonstrate compliance with Binding Corporate Rules, national laws, and other compliance requirements. Many have already begun using it to prepare for the GDPR. Unlike a traditional compliance assessment approach of checking boxes, it is proactive and strategic and results in the following outcomes:

  • Privacy management is embedded throughout the organisation
      • The expectations set forth by the accountability measures in the GDPR require that the organisation can not only show the existence of a compliance privacy programme, but that the programme is actually operating as it is designed.
      • The GDPR Add-on for Nymity Attestor™ manages Evidence collected from stakeholders throughout the organisation – not just at the privacy programme level but also from operational units who are accountable for protecting personal data.
  • The privacy office is able to contextualise Evidence based on context
      • Traditional compliance assessments seek to answer the question: are we compliant? They are based on a point in time and, usually, a limited scope. To effectively manage risk and enable ongoing compliance, the privacy office should seek to determine not only if the organisation is compliant, but how the organisation manages that compliance as well as privacy risk, alignment with business objectives, and ethics.
      • The GDPR Add-on for Nymity Attestor™ and the Nymity approach to demonstrating compliance are based on an accountability approach. That is, the organisation demonstrates its capacity to comply; it can show that there is an infrastructure in place to enable ongoing compliance.
  • Evidence can be leveraged to demonstrate compliance with multiple compliance requirements
      • While the GDPR is top of mind for many privacy officers, global organisations don’t have the luxury of focusing only on the upcoming regulation. They must continue to maintain a global compliance programme.
      • The GDPR Add-on for Nymity Attestor™ enables the privacy office to efficiently coordinate compliance efforts by automatically mapping Evidence to over 550 laws and regulations as well as the GDPR.
  • The privacy office is able to achieve more with limited resources
      • A study by the IAPP shows that by 2018 over 28,000 data protection officers will be required in Europe alone, and that there is a market shortage of qualified individuals. This is no surprise to privacy officers who are already faced with resource constraints. The best way to address this is to leverage existing resources: the individuals throughout the organisation who are already responsible for protecting personal data.
      • The GDPR Add-on for Nymity Attestor™ and the Nymity approach to demonstrating compliance expand the capacity of the privacy office by helping it to enable and empower individuals throughout the organisation to support compliance efforts.

© 2002-2017 Nymity Inc. All Rights Reserved.