TrustArcAsk Arc
Prompt Library · 2026
TrustArc Ask Arc · AI Assistant
Ask Arc Prompt Library
A curated collection of ready-to-use prompts for Ask Arc, the AI assistant built into TrustArc. Organized by product, from New User onboarding steps through to Advanced analysis.
How to use
- Copy any prompt below
- Log in to TrustArc
- Click the Ask Arc button (top-right corner)
- Paste into the chat and send
General & Reporting
⭐ 10 New User | ⚡ 10 Advanced| Tag & Topic | Ask Arc Prompt |
|---|---|
|
★ New UserStep 1
Getting Started — What Can Arc Do?
|
What can you help me with as an AI assistant inside TrustArc?
Give me a tour of your capabilities — including what
types of questions you can answer, what reports you can
generate, what data you can analyze across TrustArc products,
and the best way to phrase prompts to get the most useful
responses. |
|
★ New UserStep 2
Privacy Programme Status — Quick Summary
|
Give me a quick summary of the current status of our
privacy programme across TrustArc. How complete is our
data inventory, how many assessments are in progress
or overdue, what is our current compliance score, and
are there any open data subject requests that need attention?
Present this as a one-page snapshot I can share with
my manager. |
|
★ New UserStep 3
Explain a Privacy Term or Concept
|
Explain what [INSERT TERM — e.g., DPIA, legitimate interests,
data minimization, sub-processor, pseudonymization] means
in plain language. Give me a practical example of how
it applies to our privacy programme in TrustArc and tell
me which product or feature I should use to manage this
requirement. |
|
★ New UserStep 4
Generate a Simple Summary Report
|
Generate a simple summary report of our current privacy
programme activity. Include: the number of vendors and
systems in our data inventory, the number of assessments
completed this quarter, our current compliance progress
percentage, and the number of open data subject requests.
Present it in a clean, easy-to-read format. |
|
★ New UserStep 5
What Should I Prioritize This Week?
|
Based on everything you can see in TrustArc right now
— overdue assessments, low compliance scores, missing
data in records, and open DSR deadlines — what are the
top five things I should prioritize completing this week?
Rank them by compliance risk and give me a brief reason
for each. |
|
★ New UserStep 6
Explain a Regulatory Requirement
|
Explain the key requirements of [INSERT REGULATION —
e.g., GDPR, CCPA, DPDPA, LGPD, PIPEDA] in plain language.
What are the most important obligations for a company
like ours? Which TrustArc products help us meet each
obligation, and where should I start? |
|
★ New UserStep 7
Create a Visual Summary of My Data
|
Using the data available across TrustArc, create a visual
summary of our privacy programme. Include a chart or
graphic showing the breakdown of vendors by risk level,
the status of our assessments, and our compliance scores
across active frameworks. Make it clear and suitable
for sharing with a non-technical audience. |
|
★ New UserStep 8
What Are My Biggest Compliance Risks Right Now?
|
Looking across all TrustArc products, what are our biggest
compliance risks right now? Consider overdue assessments,
high-risk vendors with no assessment on file, missing
legal bases in our data inventory, open DSRs approaching
their deadline, and any compliance controls flagged as
non-compliant. Summarize the top risks in priority order. |
|
★ New UserStep 9
Draft a Privacy Update for My Team
|
Draft a short internal privacy update email I can send
to my team this week. Summarize what we have accomplished
in TrustArc recently, what key deadlines or tasks are
coming up, and any important regulatory changes we should
be aware of. Keep the tone professional and concise —
suitable for a weekly team communication. |
|
★ New UserStep 10
How Do I Get the Most Out of Arc?
|
What are your top tips for getting the best results when
using Arc? Explain how to write effective prompts, what
context helps you give better answers, which types of
questions you answer best, and any limitations I should
be aware of. Give me five example prompts that demonstrate
what you are most capable of doing. |
|
⚡ Advanced
Executive Privacy Programme Dashboard — Board-Ready
|
Build a comprehensive executive-level privacy programme
dashboard drawing on all available data in TrustArc.
Include: overall compliance scores by framework, high-risk
vendors and systems with no completed assessment, open
DSR volume and deadline performance, data inventory completeness,
and key regulatory changes flagged in the last 30 days.
Format as a board-ready one-page visual with traffic-light
status indicators. |
|
⚡ Advanced
Quarterly Privacy Report — Leadership Package
|
Generate a complete quarterly privacy programme report
for leadership covering the last three months. Include:
assessments initiated, completed, and approved; compliance
score movement by framework; DSR volume, type breakdown,
and fulfilment rate; new vendors onboarded and their
risk classification; and any regulatory changes that
affected our programme. Present as a polished executive
package with charts and a key takeaways section. |
|
⚡ Advanced
Year-in-Review — Annual Privacy Programme Summary
|
Produce a year-in-review summary of our privacy programme
for the past 12 months. Cover all major accomplishments:
records added to the data inventory, assessments completed
and risks remediated, compliance scores improved, DSRs
fulfilled, consent records captured, and regulatory changes
we responded to. Include a visual timeline of key milestones
and a forward-looking section on priorities for the year
ahead. |
|
⚡ Advanced
Regulatory Landscape Snapshot — All Active Jurisdictions
|
Generate a regulatory landscape snapshot covering all
jurisdictions where we currently process personal data.
For each jurisdiction, summarize the applicable privacy
law, our current compliance status, any upcoming regulatory
changes flagged in Nymity Research, and the top three
actions we need to take to improve our standing. Present
as a table formatted for executive review. |
|
⚡ Advanced
Cross-Product Risk Heatmap — Programme Gaps
|
Create a risk heatmap across all TrustArc products showing
where our privacy programme has the highest concentration
of unresolved risk. Plot risk by product area — data
inventory completeness, assessment coverage, compliance
control gaps, DSR fulfilment delays, and consent record
quality. Highlight the three areas that require the most
urgent attention and suggest immediate remediation actions
for each. |
|
⚡ Advanced
Privacy KPI Scorecard — Custom Metrics
|
Build a privacy KPI scorecard for our programme using
data from across TrustArc. Include the following metrics:
percentage of vendors with a completed risk assessment,
ROPA completeness score, average DSR response time vs.
statutory deadline, compliance control effectiveness
percentage, percentage of business processes with a completed
DPIA where required, and consent opt-in rate trend. Present
as a scorecard with RAG (Red/Amber/Green) status for
each KPI. |
|
⚡ Advanced
Trend Analysis — 12-Month Programme Performance
|
Analyze how our privacy programme has performed over
the past 12 months across all TrustArc products. Show
trend lines for: compliance score movement, assessment
completion rate, DSR volume and fulfilment speed, vendor
risk profile changes, and consent opt-in rate. Identify
where we are improving and where performance has stalled
or declined. Generate an executive-ready visual suitable
for board presentation. |
|
⚡ Advanced
Privacy Programme Gap Analysis — Custom Framework
|
Conduct a comprehensive gap analysis of our privacy programme
against best-practice privacy programme management standards.
Evaluate our maturity across five dimensions: (1) Data
Inventory & Mapping, (2) Risk Assessment Coverage,
(3) Regulatory Compliance Monitoring, (4) Individual
Rights Fulfilment, and (5) Consent & Preference Management.
For each dimension, assign a maturity rating, summarize
the evidence from TrustArc data, and recommend the specific
next steps to advance our programme. |
|
⚡ Advanced
Regulatory Change Digest — Action-Oriented Briefing
|
Using the latest regulatory intelligence available, generate
an action-oriented regulatory change digest for the current
month. For each significant development, provide: the
jurisdiction and law affected, a plain-language summary
of what changed, which of our TrustArc records or compliance
controls are impacted, and the specific action we need
to take with a suggested deadline. Format as a briefing
document I can share with the privacy team. |
|
⚡ Advanced
Privacy Accountability Report — External Stakeholder
Version
|
Draft a privacy accountability report suitable for sharing
with external stakeholders — including customers, partners,
or regulators. Cover: the scope of our privacy programme,
the frameworks and laws we are actively managing compliance
against, our assessment and risk management practices,
how we handle data subject rights, our consent management
approach, and any independent evidence of our compliance
commitment. Keep the language clear, credible, and free
of internal jargon. |
Data Mapping & Risk Manager
⭐ 10 New User | ⚡ 13 Advanced| Tag & Topic | Ask Arc Prompt |
|---|---|
|
★ New UserStep 1
Platform Orientation & Setup Order
|
I have just started using Data Mapping & Risk Manager.
Walk me through the recommended setup sequence — starting
with Company Affiliates, then Third-Party vendors, then
Systems, then Business Processes — and explain why each
layer matters for building a complete and audit-ready
data inventory. |
|
★ New UserStep 2
Company Affiliates Setup
|
Help me set up our Company Affiliates in Data Mapping
& Risk Manager. Explain what a Company Affiliate
record represents, what information I need to configure
for each affiliate (including jurisdiction and DPO details),
and why this foundation is critical before creating any
other records. |
|
★ New UserStep 3
Vendor Onboarding — Best Approach
|
I need to add my vendors to Data Mapping & Risk Manager.
Compare the three onboarding methods — manual entry,
bulk CSV import, and AI-assisted record creation — and
recommend the best approach for my situation. Walk me
through the chosen method step by step and tell me what
information I will need for each vendor record. |
|
★ New UserStep 4
System Records Setup
|
Guide me through creating System records in Data Mapping
& Risk Manager. Explain what a System record captures
(including the IT systems and applications that process
personal data), how to link systems to the correct Company
Affiliate, and which fields are most important to complete
first. |
|
★ New UserStep 5
Business Process Records
|
I need to create my first Business Process record in
Data Mapping & Risk Manager. Walk me through the
three available template types, the eight-step creation
workflow, and the key fields I must complete — including
data elements, processing purposes, legal bases, and
retention periods — to make the record compliance-ready. |
|
★ New UserStep 6
Data Elements & Legal Bases Audit
|
Review all Business Processes in Data Mapping & Risk
Manager and show me which ones are missing a legal basis,
processing purpose, or defined retention periods. Present
the gaps in a prioritized table so I know exactly which
records to complete first. |
|
★ New UserStep 7
Data Transfer Mapping
|
Show me all international data transfers recorded in
Data Mapping & Risk Manager, including the transfer
mechanism used for each (e.g., Standard Contractual Clauses,
Adequacy Decision, Binding Corporate Rules). Flag any
transfers that are missing a valid mechanism and are
therefore potentially non-compliant with GDPR Chapter
V. |
|
★ New UserStep 8
Understanding Risk Scoring
|
Explain the three dimensions of risk scoring in Data
Mapping & Risk Manager — Data Processing Risk, Data
Transfer Risk, and AI Risk. For each dimension, explain
what Inherent Risk, Assessment Risk, and Residual Risk
mean in practice, and show me which of my current records
have the highest overall risk scores. |
|
★ New UserStep 9
ROPA — Article 30 Report Generation
|
I need to produce my first Record of Processing Activities
(ROPA) under GDPR Article 30. Using my current data in
Data Mapping & Risk Manager, generate both a Controller
Report and a Processor Report. Highlight any business
processes that are missing required fields such as legal
basis, data elements, or retention periods before I download
the report. |
|
★ New UserStep 10
Revalidation & Data Freshness Schedule
|
Which vendor records, system records, or business processes
in Data Mapping & Risk Manager are past their revalidation
date or have not been reviewed in the last 12 months?
List them in priority order and suggest a revalidation
schedule I can use to keep my data inventory current
and audit-ready. |
|
⚡ Advanced
International Data Transfer Mechanism Validation
|
Review all Business Process and System records in Data
Mapping & Risk Manager that have a Data Transfer
Risk score of High or Medium. For each record, identify
whether an International Data Transfer Impact Assessment
has been completed and whether a Residual Data Transfer
Risk score has been calculated. List any records missing
a completed transfer mechanism and generate a remediation
plan. |
|
⚡ Advanced
Sub-Processor Chain Mapping & Article 28
|
I need to map my sub-processor chain for GDPR Article
28 compliance. In Data Mapping & Risk Manager, identify
all Third-Party records assigned the 'Sub-Processor'
role, show me which Business Process records they are
linked to, and confirm they appear correctly in the Sub-Processors
section of the corresponding Article 30 reports. |
|
⚡ Advanced
Vendor Risk — Executive Geography Report
|
List all the vendors having high inherent risk levels
for whom we haven't conducted any risk assessments. I
also want to view a report geography-wise with risk rating
for all the vendors in my inventory. This report is for
the executives team. So generate the image in such a
way that resonates with them. |
|
⚡ Advanced
Vendor Security Mapping to GDPR Article 32
|
What security measures do my vendors have documented
in Data Mapping & Risk Manager? Map those measures
against GDPR Article 32 requirements and identify all
vendors that are non-compliant. Include the specific
reasons for non-compliance for each vendor. |
|
⚡ Advanced
Bulk AI Record Creation for Vendor Onboarding
|
Walk me through using the Bulk AI Record Creation feature
in Data Mapping & Risk Manager to rapidly onboard
a new set of third-party vendors. Explain how to trigger
AI Autofill to auto-populate record fields, how to verify
suggested data before creation, and what quality checks
I should run after the records are created. |
|
⚡ Advanced
AI Systems Inventory & EU AI Act Readiness
|
How many systems in my Data Mapping & Risk Manager
inventory are currently flagged as using Artificial Intelligence?
For each AI system, show me the AI Risk score and whether
an AI Risk Assessment has been completed in Assessment
Manager. Identify any gaps that create EU AI Act compliance
exposure. |
|
⚡ Advanced
Three-Dimensional Risk Score Analysis
|
For our upcoming regulatory audit, generate a consolidated
risk view across all three risk dimensions in Data Mapping
& Risk Manager — Data Processing Risk, Data Transfer
Risk, and AI Risk. For each Business Process record,
show the Inherent Risk, Assessment Risk, and Residual
Risk scores, and flag any records where residual risk
remains High after controls have been applied. |
|
⚡ Advanced
Automation Rules for Risk-Based Assessment Routing
|
Help me design Automation Rules in Data Mapping &
Risk Manager that implement risk-tiered assessment routing:
(1) mark records with no high-risk indicators as Not
Required, (2) route records with one risk factor to a
PIA template, and (3) route records with two or more
risk factors to a DPIA template. Scope the rules to our
EU entities. |
|
⚡ Advanced
Data Retention Compliance Across Jurisdictions
|
Verify that all System and Business Process records in
Data Mapping & Risk Manager have data retention periods
configured at the data element level. Show me any records
missing retention periods and generate a comprehensive
retention schedule report covering all jurisdictions
where we process personal data. |
|
⚡ Advanced
Business Process Privacy Report & Article 28
|
Generate a privacy report for my Employee Onboarding
business process in Data Mapping & Risk Manager and
produce an Article 28 report. Compare the data captured
against GDPR requirements, identify all compliance gaps,
and recommend specific remediation steps to achieve full
GDPR compliance. |
|
⚡ Advanced
Data Elements Breach Risk Analysis — Executive Image
|
Analyse the data elements involved across all Business
Processes in Data Mapping & Risk Manager against
known breach risk profiles to suggest severity ratings
for each. Present the results in a compelling image suitable
for executive team presentation. |
|
⚡ Advanced
TIA — Laws & Practices Relevant to Transfer (Initial
Assessment)
|
Identifying laws and practices relevant in light of all
circumstances of the Transfer Impact Assessment to [Insert
Country] from the EU. |
|
⚡ Advanced
TIA — Government Access, Surveillance & National
Security (Follow-Up)
|
Focus on Government Access, Surveillance & National
Security Considerations. |
Assessment Manager
⭐ 10 New User | ⚡ 10 Advanced| Tag & Topic | Ask Arc Prompt |
|---|---|
|
★ New UserStep 1
Assessment Types Explained
|
I am new to Assessment Manager. Explain the difference
between a Mini PIA, a full PIA, a DPIA, a Vendor Risk
Assessment, a Transfer Impact Assessment (TIA), and an
AI Risk Assessment. For each type, tell me when I should
use it, which regulatory frameworks require it, and what
the key outputs are. |
|
★ New UserStep 2
DPIA Trigger Identification
|
Review the business processes and systems in Data Mapping
& Risk Manager and identify which ones are likely
to require a Data Protection Impact Assessment (DPIA)
under GDPR Article 35. Explain the trigger criteria for
each flagged record and tell me which assessments I should
prioritize launching first in Assessment Manager. |
|
★ New UserStep 3
First Assessment Setup
|
I need to create my first Privacy Impact Assessment (PIA)
in Assessment Manager. Walk me through the complete setup
process: configuring assessment details, assigning managers
and respondents, setting reminder notifications, and
launching the assessment so respondents can begin completing
it. |
|
★ New UserStep 4
Assessment Status Dashboard
|
Give me a complete status overview of all assessments
currently in Assessment Manager. Break them down by status
— Not Started, In Progress, Pending Approval, Approved,
Failed — and tell me which ones are overdue or approaching
their due date so I can take immediate action. |
|
★ New UserStep 5
Vendor Risk Assessment Prioritization
|
I need to prioritize which vendors to assess first in
Assessment Manager. Using the vendor records in Data
Mapping & Risk Manager, rank all vendors that currently
have no completed assessment by their inherent risk score
and tell me which assessment type is most appropriate
for each vendor. |
|
★ New UserStep 6
Overdue & Stalled Assessments
|
Which assessments in Assessment Manager have been In
Progress for more than 30 days without any updates? List
the assessment name, assigned respondent, and how many
days it has been stalled. Suggest specific actions to
get each one moving toward completion. |
|
★ New UserStep 7
Risk Score Analysis
|
For all completed assessments in Assessment Manager,
compare the inherent risk score against the residual
risk score. Show me which assessments have the greatest
gap between the two scores, and identify any assessments
where residual risk remains high despite controls being
in place — these represent our highest ongoing compliance
exposure. |
|
★ New UserStep 8
Remediation Task Tracking
|
Show me all open remediation tasks generated from completed
assessments in Assessment Manager. Group them by assessment,
identify which tasks are overdue, and summarize the key
compliance risks that remain unresolved so I can build
an action plan for the privacy team. |
|
★ New UserStep 9
AI Risk Assessment — Getting Started
|
I have systems in my Data Mapping & Risk Manager
inventory that use Artificial Intelligence. Which of
those systems require an AI Risk Assessment in Assessment
Manager? Explain the specific risks evaluated in the
AI Risk Assessment template and help me prioritize which
systems to assess first based on their current AI risk
score. |
|
★ New UserStep 10
Transfer Impact Assessment (TIA)
|
Which of my international data transfers in Data Mapping
& Risk Manager do not yet have a completed Transfer
Impact Assessment (TIA) in Assessment Manager? List them
by destination country, flag the highest-risk transfers,
and explain what a TIA must cover under GDPR Chapter
V requirements. |
|
⚡ Advanced
DPIA / Article 35 Report Generation
|
I need to generate a GDPR Article 35 DPIA report from
Assessment Manager for a high-risk processing activity.
Walk me through completing the DPIA Controls Assessment
through to Approved state, then downloading the Article
35 Report. What does the report contain in terms of Inherent
Risk, Residual Risk, and control effectiveness data? |
|
⚡ Advanced
Inherent vs. Residual Risk — Programme Cohort Analysis
|
Using the Assessment Manager dashboard, help me compare
Inherent Risk against Residual Risk across our entire
DPIA programme. Identify which business units still carry
unacceptably high residual risk after controls, and generate
an executive-level risk reduction trend report showing
quarter-over-quarter improvement. |
|
⚡ Advanced
Control Effectiveness Chart — Programme Governance
|
Walk me through interpreting the Control Effectiveness
Chart on the Assessment Manager dashboard. Explain the
80% target threshold, how it is calculated from completed
assessment responses, and how I should use this metric
in our quarterly privacy governance review to identify
processing activities falling below acceptable control
thresholds. |
|
⚡ Advanced
Auto-Assessment Cascading & Threshold Triggers
|
I want to configure an Auto-Assessment cascade in a custom
template so that when a respondent answers a high-risk
question affirmatively, a follow-on DPIA is automatically
triggered. Walk me through setting up the cascade condition
at the template section level, how the triggered assessment
is created, and the key caveats I need to manage. |
|
⚡ Advanced
Tiered Approver Chains & Escalation Workflows
|
Our privacy programme requires a two-tier approval chain
for DPIAs — business unit managers at Tier 1 and the
DPO at Tier 2. Configure this in Assessment Manager,
explain the majority-rule logic, confirm Tier 2 can only
act after Tier 1 is complete, and show me how to measure
approval turnaround times for board reporting. |
|
⚡ Advanced
Assessment Revalidation Scheduling
|
We need to implement an annual revalidation programme
for all approved assessments in Assessment Manager. Explain
how to configure revalidation schedules, the difference
between Revalidate Now and Revalidate as Scheduled, how
to pre-configure revalidation stakeholders, and how to
view upcoming revalidation due dates across the entire
assessment portfolio. |
|
⚡ Advanced
Bulk Assessment Programme via Smart URLs
|
We need to roll out a vendor risk assessment programme
to 200 third-party respondents efficiently. Explain how
to use Assessment Configurations to standardize workflow
and email settings across multiple assessments, and how
to generate Smart URLs so individual vendors can trigger
their own assessment without requiring manual setup each
time. |
|
⚡ Advanced
Overall Programme Strategy — GDPR, CCPA & PIPEDA
|
Using data from Data Mapping & Risk Manager and Assessment
Manager, analyze available information to identify gaps
in my privacy programme against GDPR, CCPA, and PIPEDA
requirements. Develop executive-ready visuals including
a consolidated summary graphic to clearly communicate
findings and recommended action plans to the board. |
|
⚡ Advanced
Compliance Maturity — 60-Day Snapshot
|
Based on the privacy landscape data in Data Mapping &
Risk Manager and Assessment Manager over the past two
months, determine our current GDPR compliance maturity
level. Provide a prioritized set of immediate steps to
improve the maturity score and a roadmap showing what
achieving the next maturity level would require. |
|
⚡ Advanced
Board-Level Assessment Programme Metrics
|
Using Assessment Manager data, generate a board-level
privacy programme report showing: total assessments by
type and status, average time from initiation to approval,
inherent vs. residual risk reduction over the past year,
the percentage of high-risk records with completed DPIAs,
and all open remediation tasks categorized by business
unit and severity. |
PrivacyCentral
⭐ 10 New User | ⚡ 12 Advanced| Tag & Topic | Ask Arc Prompt |
|---|---|
|
★ New UserStep 1
Platform Orientation
|
I am setting up PrivacyCentral for the first time. Give
me an orientation of the key sections — Programme Overview,
Tasks, Controls, Evidence, Attestations, and Regulatory
Monitoring — and explain what I should configure first
to start building a meaningful compliance programme. |
|
★ New UserStep 2
Law & Framework Selection
|
Based on our company's operating jurisdictions and industry
sector, which privacy laws and regulatory frameworks
should I select to monitor in PrivacyCentral? Recommend
the most relevant laws for a company operating in [REGIONS
/ INDUSTRY] and explain the key obligations each one
imposes. |
|
★ New UserStep 3
Understanding Compliance Scores
|
Explain the difference between the Compliance Progress
percentage and the Control Effectiveness percentage shown
in PrivacyCentral. How is each score calculated, what
does each one tell me about the health of our programme,
and which actions will have the greatest positive impact
on improving both metrics? |
|
★ New UserStep 4
First Compliance Gap Assessment — GDPR
|
Run a full compliance gap assessment for GDPR using PrivacyCentral.
Show me every control where we are currently non-compliant
or partially compliant, group the gaps by compliance
area, and provide a recommended remediation roadmap with
estimated effort for each gap. |
|
★ New UserStep 5
Priority Task Identification
|
Using PrivacyCentral, show me all open compliance tasks
ranked by their Effectiveness Impact score. Which tasks,
if completed today, would have the greatest positive
impact on our overall compliance scores? Give me a prioritized
30-day action plan. |
|
★ New UserStep 6
Regulatory Change Monitoring
|
What regulatory changes have occurred in the last 90
days that affect the frameworks I am monitoring in PrivacyCentral?
Summarize each change, identify which of our compliance
controls may be impacted, and tell me what actions I
need to take to stay current. |
|
★ New UserStep 7
Uploading & Mapping Evidence
|
I have compliance evidence documents ready to upload
to PrivacyCentral. Walk me through the process of uploading
documents and using the AI Evidence Analyzer to map each
document to the relevant compliance controls. Show me
which controls currently have no evidence attached and
are therefore at risk of failing an audit. |
|
★ New UserStep 8
CCPA / CPRA Compliance Review
|
Using PrivacyCentral, provide a full compliance status
review for CCPA/CPRA. For each compliance control, indicate
whether we are compliant, partially compliant, or non-compliant.
Flag any controls related to consumer rights, opt-out
mechanisms, or data sale and sharing that require immediate
attention. |
|
★ New UserStep 9
Multi-Framework Overlap Analysis
|
I am managing compliance against GDPR, CCPA, and PIPEDA
simultaneously in PrivacyCentral. Which compliance controls
overlap across all three frameworks so I can address
them once and satisfy multiple requirements? Show me
the overlapping controls in a table and estimate the
compliance coverage I gain from completing each one. |
|
★ New UserStep 10
Compliance Programme Summary for Leadership
|
Generate a board-ready compliance programme summary using
PrivacyCentral data. Include: the number of laws in scope,
overall compliance progress and control effectiveness
scores per framework, the number of open versus remediated
tasks, and a traffic-light status overview that leadership
can review at a glance. |
|
⚡ Advanced
Multi-Framework Gap Analysis — GDPR, CCPA, DPDPA, LGPD
|
Using PrivacyCentral, run a simultaneous compliance gap
analysis across GDPR, CCPA, India DPDPA, and Brazil LGPD.
For each framework, identify controls that are non-compliant
or partially compliant, highlight controls that satisfy
requirements across multiple frameworks (Common Controls),
and generate an executive summary showing our global
compliance posture. |
|
⚡ Advanced
AI Evidence Analyzer — Evidence Gap Mapping
|
I have uploaded a batch of compliance evidence documents
to PrivacyCentral. Use the AI Evidence Analyzer to assess
each document and show me which controls receive an Excellent,
Good, Fair, Poor, or Unaddressed coverage score. Identify
the controls with the weakest evidence coverage and recommend
the specific documentation I need to gather to close
the gaps. |
|
⚡ Advanced
Attestation & Assurance Programme Reporting
|
I need to prepare a formal attestation report for our
GDPR compliance programme in PrivacyCentral. Show me
which controls currently have attestations completed
by assigned attestors, which are still pending, and which
controls are at risk of failing an external audit due
to insufficient evidence or low effectiveness scores.
Generate an attestation readiness summary. |
|
⚡ Advanced
Task Prioritization by Effectiveness Impact Score
|
Using PrivacyCentral, analyze all open compliance tasks
and sort them by Effectiveness Impact score. Show me
the top 20 tasks that would deliver the greatest improvement
to our control effectiveness percentage if completed.
For each task, include the associated law, the control
it relates to, and the estimated effort level. |
|
⚡ Advanced
Regulatory Change Impact Assessment
|
A significant regulatory update has just been published
for [JURISDICTION / FRAMEWORK] in PrivacyCentral. Identify
exactly which of our existing compliance controls are
affected by this change, show me the current status of
those controls, and generate an impact assessment report
with a prioritized remediation plan to restore compliance. |
|
⚡ Advanced
Jurisdiction Comparison — Requirements in Scope
|
Compare the regulatory requirements across the jurisdictions
in scope for our programme in PrivacyCentral. For each
jurisdiction, cite the authoritative regulatory source,
identify where our existing policies and controls already
satisfy the requirements, and clearly show where gaps
remain so we can build a targeted remediation plan. |
|
⚡ Advanced
Quarter-Over-Quarter Compliance Drift Analysis
|
Using the compliance history data in PrivacyCentral,
compare our compliance progress scores for each selected
framework across the last four fiscal quarters. Identify
any frameworks where our compliance score has declined,
investigate the root cause (e.g., new requirements added,
tasks not completed, evidence expired), and recommend
corrective actions. |
|
⚡ Advanced
Compliance Achievement Report — Board Package
|
Build a comprehensive board-level compliance achievement
report for [COMPANY NAME] using PrivacyCentral. Include:
the number of laws and frameworks assessed, total controls
evaluated and percentage compliant, tasks created and
remediated by quarter since [START DATE], key compliance
milestones achieved, and a forward-looking roadmap for
the next two quarters. Format for executive presentation. |
|
⚡ Advanced
External Audit Readiness Assessment
|
Our company is preparing for an external privacy audit
in 90 days. Using PrivacyCentral, assess our audit readiness
by reviewing: control effectiveness scores across all
in-scope frameworks, evidence coverage quality scores
from the AI Evidence Analyzer, pending attestations,
and open high-priority tasks. Generate a prioritized
audit preparation checklist with specific actions, owners,
and suggested completion dates. |
|
⚡ Advanced
Recent Regulatory Developments — GDPR, CCPA &
DPDPA Compliance Standing
|
Summarize the recent privacy developments related to
GDPR, CCPA, and DPDPA and show me where my company stands
in compliance based on the information in PrivacyCentral.
For each development, identify the affected controls
and tell me which tasks I need to complete to restore
or maintain compliance. |
|
⚡ Advanced
Compliance Trigger Criteria & Verification Walkthrough
|
Walk me through the trigger criteria for our key compliance
controls in PrivacyCentral, cite the relevant regulatory
authority for each, and analyze whether my company has
already fulfilled each requirement based on the existing
information in PrivacyCentral. Flag any controls where
fulfillment is uncertain or evidence is missing. |
|
⚡ Advanced
PrivacyCentral Programme Highlights — Quarterly Achievement
Report
|
Build highlights of everything we have accomplished in
the TrustArc PrivacyCentral platform: how many laws we
have assessed, how many tasks have been created and remediated,
key compliance milestones achieved, and a compelling
usage story. Break down the accomplishments by fiscal
year quarters starting in [MONTH / YEAR] and generate
the report as a PDF. |
Nymity Research
⭐ 10 New User | ⚡ 14 Advanced| Tag & Topic | Ask Arc Prompt |
|---|---|
|
★ New UserStep 1
Platform Orientation
|
I am using Nymity Research for the first time. Give me
an orientation of the key sections — Law Library, Topics,
Enforcement Database, Breach Index, MoFo Notes, and Privacy
Watch — and explain what each section contains. Recommend
the best starting point for a privacy programme manager
who needs to understand the laws applicable to our business. |
|
★ New UserStep 2
Identifying Applicable Laws
|
My company processes personal data of residents in [COUNTRY
LIST]. Using Nymity Research, identify all privacy laws
that apply to our operations in those countries. For
each law, tell me whether my company is a data controller,
processor, or both, and highlight the three most critical
obligations I need to address first. |
|
★ New UserStep 3
Law Library — Jurisdiction Deep-Dive
|
Using Nymity Research, give me a comprehensive overview
of the key privacy law requirements that apply in [JURISDICTION].
Cover the law's scope, obligations on data controllers
and processors, consumer or data subject rights established,
enforcement authority, and the penalties for non-compliance. |
|
★ New UserStep 4
Breach Notification Requirements
|
Using the Nymity Research Breach Index, show me the breach
notification requirements for [COUNTRY / JURISDICTION].
Include: the definition of a notifiable breach, the notification
timeline to the supervisory authority, whether individual
notification to affected data subjects is required, and
any exemptions that apply. |
|
★ New UserStep 5
Recent Enforcement Actions — Key Lessons
|
Using Nymity Research, show me the five most significant
enforcement actions issued in the last 12 months across
any jurisdiction. For each action, summarize the violation,
the fine amount, the issuing regulatory authority, and
the key compliance lesson my organization should take
away to avoid a similar outcome. |
|
★ New UserStep 6
Regulatory Alerts — What's New This Month
|
Using Nymity Research, what are the most significant
privacy law developments and regulatory changes published
in the last 30 days? Summarize each development, identify
which of our monitored jurisdictions are affected, and
flag any that require immediate action on our part. |
|
★ New UserStep 7
GDPR Guidance — Legal Basis Deep-Dive
|
Using Nymity Research Topics, give me a comprehensive
summary of current regulatory guidance on legitimate
interests as a legal basis under GDPR. Include relevant
EDPB opinions, key enforcement precedents, and the specific
criteria my organization must satisfy to lawfully rely
on this basis. |
|
★ New UserStep 8
Cross-Border Data Transfer Rules Comparison
|
Using Nymity Research, compare the cross-border data
transfer mechanisms available under GDPR, UK GDPR, and
Brazil's LGPD. Present the comparison in a table showing
which mechanisms are recognized under each law, any conditions
that apply, and which mechanism is most widely used in
practice. |
|
★ New UserStep 9
Sector-Specific Privacy Requirements
|
Using Nymity Research, identify any sector-specific privacy
requirements that apply to our company operating in [INDUSTRY
— e.g., healthcare, financial services, education, children's
platforms] across our key jurisdictions. Highlight any
sector requirements that go beyond the general privacy
law obligations and explain what we need to do differently
to comply. |
|
★ New UserStep 10
Setting Up Daily Compliance Alerts
|
I want to configure Nymity Research to send me daily
compliance alerts for the jurisdictions and topics most
relevant to our business. Walk me through how to set
up My Countries and configure Daily Compliance Alerts
so that I receive timely notifications of regulatory
changes that could affect our privacy programme. |
|
⚡ Advanced
Enforcement Trend Analysis — Annual Executive Report
|
Using Nymity Research enforcement data, generate a comprehensive
annual enforcement trend analysis for the previous calendar
year. Show total enforcement actions by region, the top
10 largest fines with the violation type for each, the
most common violation categories globally, year-over-year
trend comparisons, and key takeaways for our privacy
programme. Format as an executive report suitable for
the board. |
|
⚡ Advanced
Multi-Regulator Enforcement Comparison
|
Using Nymity Research, compare enforcement patterns across
the five most active data protection authorities — ICO,
CNIL, BfDI, the Irish DPC, and the FTC. For each authority,
show enforcement volume, average fine amounts, most common
violation types, and the sectors most frequently targeted.
Identify which authority represents the greatest regulatory
risk for our business operations. |
|
⚡ Advanced
Breach Index — Incident Response Planning
|
Using the Nymity Research Breach Index, create a comprehensive
incident response reference document covering all jurisdictions
where we process personal data. For each jurisdiction,
capture: the breach notification threshold, the supervisory
authority to notify, the notification timeline, whether
individual notification is required, and any safe harbor
exemptions. Present in a table format our legal team
can use during a live incident. |
|
⚡ Advanced
MoFo Notes — Legal Interpretation of Ambiguous Requirements
|
Using Nymity Research MoFo Notes, give me a legal analysis
of the current regulatory interpretation of [TOPIC —
e.g., cookie consent, legitimate interests, automated
decision-making, profiling] across EU member states.
Identify where there are conflicting interpretations
between national supervisory authorities and explain
the most conservative compliance position we should adopt. |
|
⚡ Advanced
AI Governance Research — Multi-Jurisdiction
|
Using Nymity Research, provide a comprehensive overview
of AI governance and regulation requirements across the
EU, US, UK, Canada, and China. For each jurisdiction,
summarize the key AI-specific obligations, identify which
of our AI-enabled systems or processes are in scope,
and highlight the compliance gaps we need to address
most urgently. |
|
⚡ Advanced
Cross-Jurisdiction Consent Requirement Comparison
|
Using Nymity Research Topics, compare consent requirements
across GDPR, UK GDPR, CCPA/CPRA, Brazil LGPD, India DPDPA,
and Canada PIPEDA. Present a detailed comparison covering:
the standard of consent required (explicit vs. implied,
opt-in vs. opt-out), what information must be disclosed
at the point of consent, and the consequences of invalid
consent under each law. |
|
⚡ Advanced
Data Localization Requirements by Country
|
Using Nymity Research, identify all countries where we
transfer or store personal data that have data localization
requirements. For each country, explain what data must
remain in-country, any exceptions to localization, and
what we need to do to comply. Flag any of our current
data transfer arrangements that may violate localization
rules. |
|
⚡ Advanced
DPDPA Deep-Dive — India Compliance Obligations
|
Using Nymity Research, provide a detailed analysis of
India's Digital Personal Data Protection Act (DPDPA)
— covering scope, data principal rights, obligations
on data fiduciaries and processors, the consent framework,
cross-border transfer rules, breach notification requirements,
the role of the Data Protection Board, and penalties
for non-compliance. Map these obligations against our
current privacy programme and identify the gaps. |
|
⚡ Advanced
Privacy Law Gap Analysis — Market Expansion
|
Our company is planning to expand operations into [NEW
COUNTRY / REGION]. Using Nymity Research, conduct a privacy
law gap analysis: identify all applicable privacy laws
in the target market, compare their requirements against
our existing GDPR-compliant programme, and generate a
gap report showing what new obligations we need to implement
before we can lawfully operate in that market. |
|
⚡ Advanced
Supervisory Authority Guidance Tracker
|
Using Nymity Research, show me all guidance, opinions,
and recommendations issued in the last six months by
the European Data Protection Board (EDPB) and the top
five EU national supervisory authorities. For each guidance
document, summarize the key points, identify which of
our existing compliance controls it relates to in PrivacyCentral,
and flag any areas where our current approach may need
to be updated. |
|
⚡ Advanced
Data Breach Definition Comparison — China, US & Europe
|
Using Nymity Research, how is a data breach defined in
China, the United States, and Europe? Compare the definitions
in a table format and indicate when a breach must be
reported to a supervisory authority in each region, including
the notification timeline and the applicable regulatory
body. |
|
⚡ Advanced
Unlawful Processing Assessment — Jurisdiction-Specific
Analysis
|
My customer's data is being processed in Saudi Arabia
by a vendor based there who provides me with SaaS software.
I consider this to be unlawful processing. Using Nymity
Research, would this also be classified as unlawful processing
or a breach under Denmark's interpretation of GDPR? Provide
the relevant legal basis and cite applicable guidance
or enforcement precedents. |
|
⚡ Advanced
EU Enforcement Report — Executive & CPO Visual
|
Using Nymity Research, generate a report fetching data
from Nymity enforcements having all the details displayed
in easy visuals for European regions. This is to be presented
to the executive team. Additionally, generate one image
for my Chief Privacy Officer to view at a glance with
attractive visuals. |
|
⚡ Advanced
India DPDPA — Data Retention Requirements
|
Using Nymity Research, what is India's Digital Personal
Data Protection Act (DPDPA) stance on data retention?
Explain the specific retention obligations, any sector-specific
exemptions, the consequences of non-compliance, and how
these requirements compare to GDPR Article 5(1)(e) on
storage limitation. |
Individual Rights Manager
⭐ 10 New User | ⚡ 13 Advanced| Tag & Topic | Ask Arc Prompt |
|---|---|
|
★ New UserStep 1
DSR Request Types Explained
|
I am new to Individual Rights Manager. Explain the different
types of Data Subject Requests I can manage — including
Access, Deletion, Correction, Portability, Opt-Out, and
Restriction of Processing. For each type, tell me which
regulations grant this right, the typical response deadline,
and what fulfillment looks like in practice. |
|
★ New UserStep 2
Compliance Timeline Configuration
|
Walk me through how to configure the correct response
deadlines (Due In Days) in Individual Rights Manager
for each DSR type across GDPR, CCPA/CPRA, and other applicable
jurisdictions. Explain the consequences of misconfiguring
these deadlines and show me the current deadline settings
for all active request workflows. |
|
★ New UserStep 3
Intake Form Setup
|
I need to build a DSR intake form in Individual Rights
Manager for our company website. Guide me through best
practices for form design — including required fields,
identity verification configuration, jurisdictions to
cover, and how to ensure the form meets GDPR and CCPA/CPRA
requirements before publishing it. |
|
★ New UserStep 4
Open Requests — Compliance Risk Triage
|
Show me all currently open Data Subject Requests in Individual
Rights Manager. Highlight any requests approaching or
exceeding their compliance deadline, identify the request
type and jurisdiction for each, and give me a prioritized
action list to address the highest compliance risks first. |
|
★ New UserStep 5
Identity Verification Review
|
Using Individual Rights Manager, what identity verification
methods are currently configured for our DSR intake forms?
Are these requirements appropriate for the jurisdictions
we operate in? Compare our current setup against GDPR,
CCPA/CPRA, and other applicable requirements and flag
any gaps that could expose us to fraud or regulatory
risk. |
|
★ New UserStep 6
Request Volume & Type Breakdown
|
Using Individual Rights Manager, give me a breakdown
of all DSR requests received in the last six months by
request type (Access, Deletion, Opt-Out, etc.), by jurisdiction,
and by month. Identify any notable trends such as a spike
in deletion requests or an unusually high volume from
a specific country or region. |
|
★ New UserStep 7
Workflow Automation & Task Templates
|
I want to configure automated task templates in Individual
Rights Manager so that when a new DSR is received, the
right team members are notified and assigned tasks automatically.
Walk me through how task templates with conditional logic
work and suggest the ideal workflow structure for Access,
Deletion, and Opt-Out request types. |
|
★ New UserStep 8
GPC Signal & Automated Opt-Out
|
Explain how the Global Privacy Control (GPC) signal integrates
with Individual Rights Manager to automatically process
opt-out requests. Is our current configuration set up
to honor GPC signals as required under CCPA/CPRA? What
do I need to configure to ensure automated compliance
is in place? |
|
★ New UserStep 9
Global DSAR Executive Report
|
Using Individual Rights Manager, generate an executive-level
report providing global insights into all Data Subject
Access Requests received during fiscal year 2025 (January–December).
Present the findings as a visually compelling summary
suitable for board-level presentation, including volume
by jurisdiction, request type breakdown, and fulfilment
rate. |
|
★ New UserStep 10
DSR Audit Trail & Regulatory Reporting
|
I need to demonstrate to regulators that we have properly
handled all Data Subject Requests in the past 12 months.
Using Individual Rights Manager, generate a complete
audit trail report showing each request received, the
actions taken, the date fulfilled, and the outcome. Flag
any requests that were closed without full fulfillment. |
|
⚡ Advanced
Cross-Jurisdictional DSR Timeline Compliance Analysis
|
Using Individual Rights Manager, generate a cross-jurisdictional
compliance analysis comparing our DSR response performance
against the deadlines required under GDPR (30 days),
CCPA (45 days), LGPD (15 days), and other applicable
laws. Identify any jurisdiction where we are consistently
missing deadlines and calculate the potential regulatory
penalty exposure for each overdue request type. |
|
⚡ Advanced
24-Month DSR Trend Analysis — Board Reporting
|
Using Individual Rights Manager, generate a 24-month
trend analysis of all DSR activity broken down by request
type, jurisdiction, and fulfilment outcome. Identify
peak periods of request volume, analyse whether specific
request types are increasing year-over-year, and present
the findings as a board-level risk reporting visual showing
our programme maturity over time. |
|
⚡ Advanced
Identity Verification Failure Rate & Fraud Prevention
|
Analyze our identity verification outcomes in Individual
Rights Manager over the last 12 months. What percentage
of DSR submissions failed identity verification? How
many requests were flagged as potentially fraudulent?
Are our current verification thresholds calibrated correctly
for each request type and jurisdiction? |
|
⚡ Advanced
Task Template Bottleneck Analysis
|
Analyze the task template performance data in Individual
Rights Manager. Which subtasks are causing the greatest
delays in our DSR fulfilment workflows? For each request
type, show me the average time spent at each workflow
stage, identify the steps where tasks most frequently
reach Cannot Complete status, and recommend workflow
restructuring to reduce average fulfilment time. |
|
⚡ Advanced
DSR SLA Performance Dashboard
|
Using Individual Rights Manager, build a comprehensive
SLA performance dashboard showing: average DSR response
time by request type and jurisdiction, percentage of
requests completed within the statutory deadline, the
number and percentage of requests auto-extended due to
complexity, and the top five reasons why requests miss
their deadlines. |
|
⚡ Advanced
Regulatory Penalty Risk — Overdue DSR Exposure
|
Using Individual Rights Manager, identify all DSR requests
that are currently overdue or were closed past their
statutory deadline in the last 12 months. For each overdue
request, calculate the potential regulatory penalty exposure
under the applicable law (e.g., GDPR Article 83, CCPA
fines up to $7,500 per intentional violation). Generate
a total penalty exposure summary for our legal team. |
|
⚡ Advanced
IRM–DMRM Integration for Data Fulfilment Mapping
|
When fulfilling Data Subject Access Requests, our team
needs to know which systems hold the data subject's personal
data. Using the integration between Individual Rights
Manager and Data Mapping & Risk Manager, show me
which systems are linked to each active DSR and identify
any systems in our DMRM inventory that are not yet connected
to our IRM fulfilment workflow. |
|
⚡ Advanced
Incident Response — GDPR Breach Notification (500K Users)
|
An incident has been reported involving personal data
of 500,000 data subjects — including names, Social Insurance
Numbers, credit card details, and credit ratings. Using
Individual Rights Manager and Nymity Research, determine
which regulatory authorities must be notified, the mandatory
notification timelines in each jurisdiction, the required
content of each notification, and all steps needed to
achieve compliance and avoid penalties. |
|
⚡ Advanced
DSR Form Compliance Review — CCPA/CPRA
|
Review our DSR intake form against CCPA/CPRA requirements.
Identify all compliance gaps — including required disclosures,
permitted verification methods, opt-out request handling,
and the requirement to accept requests through multiple
channels. Provide specific, actionable recommendations
to remediate each gap. |
|
⚡ Advanced
DSAR Compliance Report — Quarterly Visual
|
Using Individual Rights Manager, generate a single executive-level
image showing our DSAR compliance report for the most
recent quarter. Highlight which requests are out of compliance,
which require immediate action, and include a prioritized
next-steps checklist the team can act on immediately
to restore full compliance. |
|
⚡ Advanced
DSAR Volume — Germany 3-Year Analysis
|
Using Individual Rights Manager, how many DSAR requests
were received from Germany over the past 3 years? Break
the results down by year and by request type. Identify
any notable trends — including year-over-year increases,
the most common request type from German data subjects,
and whether our response time consistently met the GDPR
30-day deadline. |
|
⚡ Advanced
DSR Form — California Law Compliance Review &
Gap Analysis
|
Compare my DSR intake form against California privacy
laws (CCPA/CPRA) and provide detailed feedback on any
compliance gaps discovered. For each gap identified,
suggest specific adjustments to the form language, fields,
or process to achieve full compliance with California
requirements. |
|
⚡ Advanced
Germany Incident Report — Multi-Jurisdiction Compliance
& Exec Board Visuals
|
There has been an incident reported to my company in
Germany. Using Individual Rights Manager, provide all
insights from the incident reporting form and tell me
what actions I need to take to be compliant across various
jurisdictions — especially GDPR and CCPA. Generate executive
board-level reports and visuals for easier presentation
to leadership. |
Cookie Consent Manager
⭐ 10 New User | ⚡ 11 Advanced| Tag & Topic | Ask Arc Prompt |
|---|---|
|
★ New UserStep 1
Platform Orientation
|
I am setting up Cookie Consent Manager for the first
time. Walk me through the key sections of the platform
— banners, cookie scanning, tracker management, location
settings, and reporting — and explain what I need to
configure first to get a compliant consent banner live
on our website. |
|
★ New UserStep 2
Cookie Scan & Categorization
|
Run a cookie scan on our website using Cookie Consent
Manager. Show me all cookies and trackers detected, organized
by category — Strictly Necessary, Performance, Functional,
and Targeting/Advertising. Flag any cookies that are
currently loading before consent is obtained, as this
is a GDPR compliance violation. |
|
★ New UserStep 3
First Banner Setup
|
Walk me through the full process of configuring my first
cookie consent banner in Cookie Consent Manager — including
selecting the banner layout, choosing between implied
and expressed consent behaviors, configuring the consent
categories, adding the required disclosures, and publishing
the banner to our website. |
|
★ New UserStep 4
GDPR vs. CCPA Banner Configuration
|
Explain the difference between how our cookie consent
banner should be configured for GDPR visitors in the
EU versus CCPA visitors in California. Do I need separate
banners, or can I use Location Settings to serve different
consent experiences to different audiences? Walk me through
the recommended setup for both regulations simultaneously. |
|
★ New UserStep 5
Auto-Block Configuration
|
I want to ensure no cookies load on our website before
a visitor gives consent. Using Cookie Consent Manager,
explain how the Auto-Block feature works and walk me
through configuring it for our website. Show me which
cookies are currently set to auto-block and which are
not, and flag any gaps that could cause a GDPR violation. |
|
★ New UserStep 6
Consent Rate Performance Review
|
Using Cookie Consent Manager reporting, show me the current
opt-in and opt-out rates for our consent banner across
all active domains. Break the data down by consent category
and by geography. Identify which categories have the
lowest opt-in rates and suggest ways to improve consent
performance while maintaining full regulatory compliance. |
|
★ New UserStep 7
Google Consent Mode v2 Setup
|
Our website uses Google Analytics and Google Ads. Walk
me through configuring Google Consent Mode v2 in Cookie
Consent Manager so that our consent signals are correctly
passed to Google's systems. Explain the difference between
Basic and Advanced Mode and tell me which setting is
appropriate for our GDPR compliance obligations. |
|
★ New UserStep 8
IAB TCF 2.2 Compliance Review
|
Does our current Cookie Consent Manager banner configuration
comply with the IAB Transparency and Consent Framework
(TCF) 2.2? Review our current setup and identify any
gaps. Explain what IAB TCF 2.2 requires and what changes
I need to make to achieve full compliance, including
purpose mapping and vendor list management. |
|
★ New UserStep 9
Multi-Domain Banner Management
|
Our company operates websites across multiple regions.
Using Cookie Consent Manager, how should I structure
our banner configurations across these domains? Should
I use a single banner with Location Settings or create
separate banners per region? Show me our current domain
list, their active banner configurations, and any domains
that are missing a compliant banner. |
|
★ New UserStep 10
Tracker Rules & Custom Categorization
|
I have third-party trackers on our website that are not
being correctly categorized in Cookie Consent Manager.
Using the Tracker Rules Engine, walk me through how to
create custom rules — including REGEX patterns — to properly
categorize these trackers. Show me which trackers currently
have no category assigned and suggest appropriate categories
for each. |
|
⚡ Advanced
Consent Rate Optimization — GDPR Compliance Report Analysis
|
Using Cookie Consent Manager's GDPR Compliance Report
CSV, analyze our banner performance across all domains
and identify specific opportunities to improve consent
opt-in rates. Break down rates by consent category, geography,
device type, and browser. Recommend specific changes
to banner design, consent wording, or category configuration
that are most likely to improve rates without compromising
compliance. |
|
⚡ Advanced
Cross-Domain Consent Synchronization
|
We operate multiple websites that share the same root
domain and want to synchronize consent signals across
them using Cookie Consent Manager's Consent UID feature.
Walk me through the cross-domain consent configuration,
explain the domain whitelisting requirements, and show
me how to verify that consent granted on one domain is
being correctly recognized on our other properties. |
|
⚡ Advanced
IAB GPP — US State Privacy Configuration Audit
|
Using Cookie Consent Manager, audit our IAB Global Privacy
Platform (GPP) configuration for US state privacy laws
— including California (CCPA/CPRA), Virginia, Colorado,
Connecticut, and Texas. For each state, verify that the
correct GPP section is enabled, the MSPA mode is configured
correctly, and our purpose-to-category mapping aligns
with the applicable state law requirements. |
|
⚡ Advanced
GPC & DNT Signal Reporting Audit
|
Using Cookie Consent Manager, generate a comprehensive
report on Global Privacy Control (GPC) and Do Not Track
(DNT) signal handling across our domains. Show the volume
of visitors triggering each signal, how our configurable
GPC handling modes are set, whether we are correctly
reporting automated GPC opt-outs in the GDPR Compliance
Report, and any configuration changes needed. |
|
⚡ Advanced
Google Consent Mode v2 — Advanced Mode Validation
|
Our Cookie Consent Manager is configured for Google Consent
Mode v2 Advanced Mode. Validate that all six consent
types — analytics_storage, ad_storage, ad_user_data,
ad_personalization, functionality_storage, and security_storage
— are being correctly passed to Google based on our consent
category mappings. Flag any misconfigured mappings. |
|
⚡ Advanced
Tracker Rules Engine — REGEX Audit for Complex Vendors
|
Audit our Cookie Consent Manager Tracker Rules Engine
configuration for complex third-party vendors that use
dynamic URL patterns. Identify any trackers that are
currently being miscategorized due to insufficient REGEX
rules. Provide updated REGEX patterns for each affected
tracker and explain how to apply Sub-Category Mapping
for more granular control. |
|
⚡ Advanced
Re-Consent Campaign Planning
|
We have updated our privacy notice and need to trigger
a re-consent campaign across our website visitor base.
Using Cookie Consent Manager, explain the mechanism for
forcing a re-consent prompt — including consent duration
settings and URL parameters — and walk me through planning
a campaign that minimizes disruption to user experience
while ensuring we recapture valid consent under GDPR. |
|
⚡ Advanced
Analytics API — Custom Consent Reporting
|
I want to build a custom consent performance dashboard
using data from the Cookie Consent Manager Analytics
REST API. Walk me through the available API dimensions
and metrics — including domain, session-level data, and
category-level opt-in rates — and help me design a data
model that will power a monthly consent performance report
for our privacy and marketing teams. |
|
⚡ Advanced
GPC Signal — California Visitors Report
|
Using Cookie Consent Manager, how many website visitors
have enabled the Global Privacy Control (GPC) signal
on our consent banner? Generate a detailed report showing
the number of GPC-enabled visitors specifically from
California, how our system is currently handling these
signals, and whether our configuration meets CCPA/CPRA
requirements for honoring GPC as a valid opt-out signal. |
|
⚡ Advanced
Cookie Preference Confirmation — Regulatory Requirement
Audit
|
Is there a regulatory requirement under GDPR, CCPA, or
other applicable laws that our cookie consent banner
must display a confirmation notice after a user accepts
or rejects their preferences? Using Nymity Research,
identify all relevant regulations that address this requirement
and present them in a compliance table alongside our
current Cookie Consent Manager configuration. |
|
⚡ Advanced
California Consent Performance — Opt-In & Opt-Out
Report
|
Generate a report for my cookie consent banner showing
me the opt-ins and opt-outs specifically for California
visitors. Break down the results by consent category,
include the volume of visitors, and highlight any categories
where opt-out rates are significantly higher than average.
Suggest configuration changes to improve opt-in rates
while staying compliant with CCPA/CPRA. |
Consent & Preferences Manager
⭐ 10 New User | ⚡ 11 Advanced| Tag & Topic | Ask Arc Prompt |
|---|---|
|
★ New UserStep 1
Platform Structure — Brands, Programmes & Forms
|
I am new to Consent & Preferences Manager. Explain
the organizational hierarchy — how Brands, Programmes,
Forms, and Consent Records relate to each other. Walk
me through setting up my first Brand and Programme and
explain why this structure matters for managing consent
across multiple marketing initiatives or regional programmes. |
|
★ New UserStep 2
Building Your First Consent Form
|
I need to build my first consent form in Consent &
Preferences Manager for our email marketing programme.
Guide me through the Form Builder — including which field
types to use, how to configure toggles and checkboxes,
how to set the form to Active status, and how to generate
a tokenized URL to embed on our website. |
|
★ New UserStep 3
GDPR Consent Requirements Checklist
|
Review my active consent forms in Consent & Preferences
Manager and assess whether each one meets the GDPR standard
for valid consent — specifically: freely given, specific,
informed, and unambiguous. Identify any forms where the
consent mechanism does not meet the GDPR standard and
tell me exactly what changes are needed. |
|
★ New UserStep 4
Double Opt-In Configuration
|
I need to implement double opt-in for our email consent
forms in Consent & Preferences Manager to comply
with requirements in Germany and Austria. Walk me through
configuring double opt-in, how the confirmation email
is triggered, how bounced emails are logged and retried,
and how to review the confirmation log to monitor completion
rates. |
|
★ New UserStep 5
Consent Records Audit
|
Show me all consent records in Consent & Preferences
Manager for the last 90 days. For each record, display
the data subject identifier, the form used, the consent
decision (opt-in or opt-out), the timestamp, and the
IP address. Flag any records missing required metadata
that could undermine our ability to demonstrate valid
consent under GDPR. |
|
★ New UserStep 6
Marketing Platform Integration Setup
|
I want to sync consent data from Consent & Preferences
Manager with our [PLATFORM — e.g., Salesforce / HubSpot
/ Marketo / Mailchimp]. Walk me through the integration
setup, explain the difference between batch sync and
real-time sync, and tell me which consent fields will
be mapped to our CRM so that only opted-in contacts receive
marketing communications. |
|
★ New UserStep 7
Preference Center Setup
|
I want to give our customers a self-service Preference
Center where they can manage their own consent and communication
preferences. Walk me through the Preference Center setup
in Consent & Preferences Manager, explain what options
I can present to data subjects, and show me how a customer
can view and update their own consent history. |
|
★ New UserStep 8
Consent Withdrawal & GDPR Deletion
|
A data subject has requested to withdraw their consent
and have their personal data deleted from our consent
records. Using Consent & Preferences Manager, walk
me through identifying their record, recording the withdrawal,
completing the GDPR deletion, and confirming what audit
trail remains after deletion so we can demonstrate compliance. |
|
★ New UserStep 9
Form Versioning & Re-Consent
|
We have updated our privacy notice and need to re-obtain
consent from existing subscribers. Using Consent &
Preferences Manager, explain how form versioning works,
how to publish a new version, and how to identify which
data subjects consented under the old version and now
need to be prompted to consent again. |
|
★ New UserStep 10
Opt-In Rate Analysis & Programme Performance
|
Using Consent & Preferences Manager, generate an
executive-level report analyzing opt-in performance across
all active consent forms and programmes. Break the results
down by region and identify which programme or form is
generating the highest number of opt-ins. Provide recommendations
for improving opt-in rates on underperforming forms while
staying compliant. |
|
⚡ Advanced
Marketing Platform Integration Performance Analysis
|
Using Consent & Preferences Manager Integration Logs,
analyze the performance of our Salesforce / HubSpot /
Marketo integration over the last 90 days. Identify any
sync failures, API errors, or records that failed to
transfer consent status correctly. Show me the percentage
of consent records that are fully in sync across both
systems and recommend configuration changes to improve
sync reliability. |
|
⚡ Advanced
Double Opt-In Completion Rate Optimization
|
Analyze our double opt-in completion rates in Consent
& Preferences Manager for the last six months. What
percentage of data subjects who submitted a consent form
went on to complete the email confirmation step? Show
me the bounced email log, identify patterns in why confirmations
are failing, and recommend steps to improve completion
rates for key markets including Germany and Austria. |
|
⚡ Advanced
Consent Data Migration Strategy
|
We are migrating consent records from a legacy system
into Consent & Preferences Manager. Walk me through
the CSV import pre-validation process, the Change Format
configuration, the migration criteria we need to set
(including consent timestamp, source, and form version
mapping), and how to use the Consents API for bulk migration.
What quality checks should I run after migration to verify
data integrity? |
|
⚡ Advanced
Cross-Channel Consent Consistency Audit
|
We collect consent across multiple channels — website
forms, email, mobile app, and our CRM. Using Consent
& Preferences Manager, audit whether the consent
status for each data subject is consistent across all
channels. Identify any data subjects where consent is
recorded as opted-in on one channel but opted-out on
another, and recommend how to resolve these inconsistencies. |
|
⚡ Advanced
GDPR Article 7 Consent Validity Audit
|
Using Consent & Preferences Manager, run a GDPR Article
7 consent validity audit across all active consent forms.
For each form, verify that: consent was not pre-ticked
(Default Off or Ignored state), consent was not bundled
with terms and conditions acceptance, the data subject
was given a genuine free choice, and the consent request
was granular enough to be specific to each processing
purpose. |
|
⚡ Advanced
Regulatory Inspection — Consent Evidence Export
|
We are facing a potential inquiry from a data protection
authority requesting evidence of our consent collection
practices. Using Consent & Preferences Manager, generate
a complete consent evidence package for the last 24 months:
export all consent records showing the latest consent
per form and brand, include IP metadata, form version
at time of consent, and email delivery logs. Explain
how to apply identifier masking to protect data subject
privacy during the export. |
|
⚡ Advanced
Consent Lifecycle Management — Full Journey
|
Map the complete consent lifecycle in Consent & Preferences
Manager for a typical data subject — from initial opt-in
through preference changes, re-consent events, and ultimately
withdrawal or deletion. Show me the lifecycle notification
events available, how CRM sync timing affects the data
subject's experience, and how the platform ensures the
data subject's current consent state is always reflected
accurately in downstream marketing systems. |
|
⚡ Advanced
Brand/Programme/Form Hierarchy Optimization
|
Our Consent & Preferences Manager instance has grown
organically and the Brand/Programme/Form hierarchy no
longer reflects our current marketing structure. Review
our current setup and recommend a revised hierarchy that
better supports our regional and product-line structure.
Explain how to create new Brands and Programmes directly
in the Form Builder and what the impact of restructuring
will be on existing consent records. |
|
⚡ Advanced
ICO UK GDPR — Top 3 Forms Compliance Review
|
Using Consent & Preferences Manager, assess whether
our top three active consent forms comply with ICO UK
GDPR requirements. For each form, evaluate the consent
language, the opt-in/opt-out mechanism design, the granularity
of consent per processing purpose, and whether the form
version history demonstrates we have maintained valid
consent through any policy changes. Identify specific
compliance gaps and provide recommended corrective actions. |
|
⚡ Advanced
Consent Opt-In Report — Top 3 Forms by Geography
|
Generate a report showing the number of users who have
opted in and opted out across the top three forms in
Consent & Preferences Manager. Segment the report
by geography and present it in a clear, executive-friendly
format suitable for sharing with leadership to demonstrate
consent programme performance by region. |
|
⚡ Advanced
Regional Opt-In Analysis — Which Programme Gets Maximum
Opt-Ins
|
Analyze the data in Consent & Preferences Manager
and generate an executive-level report showing the maximum
number of opt-ins happening per region. The main purpose
is to identify which programme is generating the most
opt-ins overall. Include a geographic breakdown and highlight
the top-performing programmes for each region. |
Multi-Product Prompts
⭐ 10 New User | ⚡ 6 Advanced| Tag & Topic | Products Used | Ask Arc Prompt |
|---|---|---|
|
★ New UserStep 1
90-Day Onboarding Roadmap — All Products
|
All TrustArc Products |
I have just been given access to the full TrustArc platform
— including Data Mapping & Risk Manager, Assessment
Manager, PrivacyCentral, Nymity Research, Individual
Rights Manager, Cookie Consent Manager, and Consent &
Preferences Manager. Create a 90-day onboarding roadmap
telling me which products to configure first, in what
order, and what the key setup steps are for each. Prioritize
the activities that will deliver the fastest compliance
value and show me how each product connects to the others. |
|
★ New UserStep 2
Privacy Programme Health Check
|
Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral, Individual Rights Manager |
Run a complete privacy programme health check across
TrustArc. Review the completeness of my data inventory
in Data Mapping & Risk Manager, the status of assessments
in Assessment Manager, compliance scores in PrivacyCentral,
and open DSR requests in Individual Rights Manager. Give
me an overall programme health score and the top 10 actions
I should take this quarter to improve it. |
|
★ New UserStep 3
GDPR Readiness Report — Full Platform
|
Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral, Cookie Consent Manager, Consent & Preferences Manager, Individual Rights Manager |
Using all available TrustArc products, assess our overall
readiness for GDPR compliance. Review data mapping records,
completed DPIAs, PrivacyCentral compliance controls,
cookie consent configuration, consent records, and DSR
fulfillment history. Produce a comprehensive GDPR readiness
report with a traffic-light status for each key GDPR
requirement and a prioritized remediation plan. |
|
★ New UserStep 4
Vendor Risk to Assessment Pipeline
|
Data Mapping & Risk Manager, Assessment Manager |
Analyze all vendor records in Data Mapping & Risk
Manager and cross-reference with Assessment Manager to
identify vendors with a high or critical inherent risk
score that have no active or completed risk assessment.
Generate a prioritized assessment pipeline showing vendor
name, risk score, recommended assessment type, and suggested
launch date. |
|
★ New UserStep 5
Third-Party Risk — Full Lifecycle
|
Data Mapping & Risk Manager, Assessment Manager, Nymity Research |
Walk me through the complete lifecycle of managing third-party
privacy risk using TrustArc — from vendor onboarding
in Data Mapping & Risk Manager, through risk assessment
in Assessment Manager, to checking regulatory obligations
in Nymity Research. Show me the current state of our
vendor risk programme and identify the biggest gaps in
our third-party risk management process. |
|
★ New UserStep 6
Consent & Rights Alignment Check
|
Consent & Preferences Manager, Individual Rights Manager, Cookie Consent Manager |
Review the alignment between our consent collection in
Consent & Preferences Manager, our cookie consent
configuration in Cookie Consent Manager, and our DSR
fulfilment capability in Individual Rights Manager. Identify
any gaps — for example, where we collect consent in one
system but cannot honour a corresponding withdrawal request
— and recommend steps to close those gaps. |
|
★ New UserStep 7
Privacy by Design Review
|
Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral |
Our development team is launching a new product feature
that will collect user location data. Using Data Mapping
& Risk Manager, Assessment Manager, and PrivacyCentral,
conduct a Privacy by Design review: determine whether
a DPIA is required, identify what data elements and legal
bases need to be documented, flag which compliance controls
are triggered, and provide the team with a clear checklist
of what must be completed before the feature can launch. |
|
★ New UserStep 8
Regulatory Change Impact Assessment
|
Nymity Research, PrivacyCentral, Data Mapping & Risk Manager |
A new privacy regulation has recently been enacted or
significantly updated in [JURISDICTION]. Using Nymity
Research, summarize the key new obligations. Using PrivacyCentral,
identify which of our compliance controls are affected.
Using Data Mapping & Risk Manager, flag any business
processes or data transfers that need to be updated to
comply. Generate a consolidated impact assessment with
a remediation plan. |
|
★ New UserStep 9
Executive Privacy Dashboard
|
Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral, Individual Rights Manager |
Build an executive-level privacy dashboard drawing data
from Data Mapping & Risk Manager, Assessment Manager,
PrivacyCentral, and Individual Rights Manager. Include:
total vendors assessed, overall GDPR and CCPA compliance
scores, number of open DSRs and their compliance status,
high-risk assessments pending approval, and regulatory
changes flagged in the last 30 days. Format as a board-ready
one-page summary. |
|
★ New UserStep 10
Engagement Summary — Account Highlights
|
Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral, Individual Rights Manager |
Build a comprehensive highlights report of accomplishments
in the TrustArc platform for [CUSTOMER NAME], covering:
the total number of records in Data Mapping & Risk
Manager, number of completed assessments in Assessment
Manager, compliance progress in PrivacyCentral, key DSR
achievements in Individual Rights Manager, and which
users are most actively engaged with the platform. Tell
a compelling story of privacy programme progress broken
down by fiscal year quarter starting in [MONTH]. |
|
⚡ Advanced
Privacy Programme Maturity Assessment — All Products
|
All TrustArc Products |
Conduct a comprehensive privacy programme maturity assessment
across all TrustArc products. Using a five-level maturity
model, evaluate our programme maturity in data inventory
management, assessment coverage, regulatory compliance,
DSR fulfilment, and consent management. For each dimension,
assign a maturity level, explain the evidence from the
platform supporting that rating, and provide a specific
roadmap to reach the next maturity level. |
|
⚡ Advanced
Annual Privacy Programme Board Report
|
Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral, Individual Rights Manager, Nymity Research |
Generate a comprehensive annual privacy programme board
report for [COMPANY NAME] drawing data from all TrustArc
products. Include: data inventory statistics and risk
profile, assessment completion rates and risk reduction
metrics, compliance scores by framework with quarter-over-quarter
trends, DSR volume and fulfilment performance, an enforcement
landscape summary from Nymity Research, and key programme
achievements. Format as an executive board package with
compelling visuals. |
|
⚡ Advanced
Regulatory Inspection Readiness Package
|
Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral, Individual Rights Manager, Consent & Preferences Manager |
Our company is preparing for a potential regulatory inspection
by a data protection authority. Using all relevant TrustArc
products, compile a regulatory readiness evidence package
including: our current Article 30 ROPA from Data Mapping
& Risk Manager, completed DPIAs from Assessment Manager,
compliance control evidence from PrivacyCentral, DSR
fulfilment audit trail from Individual Rights Manager,
and consent records from Consent & Preferences Manager.
Identify any gaps in our evidence that we need to address
before the inspection. |
|
⚡ Advanced
Cross-Product Compliance Gap Identification
|
Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral, Individual Rights Manager |
Using data across TrustArc products, identify the key
cross-product compliance gaps in our privacy programme:
vendors in DMRM with no completed assessment in AM, business
processes missing compliance controls in PrivacyCentral,
DSR fulfilment delays in IRM that indicate DMRM data
location gaps, and consent records in CPM that do not
align with the legal bases documented in DMRM. Generate
a prioritized gap closure plan. |
|
⚡ Advanced
Engagement Summary Email — Account Manager
|
Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral, Individual Rights Manager |
Draft a compelling client engagement email written from
the perspective of a TrustArc Account Manager, addressed
to [CUSTOMER NAME]. The email should highlight a story
about user engagement, key programme milestones, and
specific achievements across their TrustArc products
based on the data in the attached PDF [ATTACH PDF]. Make
the email feel personal, data-driven, and forward-looking. |
|
⚡ Advanced
High-Risk Assessments & Time-to-Approval — Executive
Geo Report
|
Data Mapping & Risk Manager, Assessment Manager |
Show me all the assessments that have high inherent risk.
Also, list all the assessments that are taking the maximum
time from initiation to approval. I want to see an executive
level report geography-wise on assessments with all the
data that is required to run my global privacy programme.
This report is for the executives team. So generate the
image in such a way that resonates with them with great
graphics. |
Organizational Hierarchy
⭐ 5 New User | ⚡ 5 Advanced| Tag & Topic | Ask Arc Prompt |
|---|---|
|
★ New UserStep 1
Why Organization Hierarchy Matters — Setup First
|
I am new to TrustArc and I can see there is an Organization
Hierarchy section. Explain what Organization Hierarchy
is, why it is described as a foundational layer, and
how setting it up correctly first will improve how Data
Mapping & Risk Manager, PrivacyCentral, and Assessment
Manager work for our organization. What happens if I
skip this step and go straight to building my data inventory? |
|
★ New UserStep 2
Creating the Primary Entity — Company Profile Setup
|
Walk me through creating our Primary Entity in Organization
Hierarchy. What information do I need to provide — including
headquarters location, industry sector, company type,
number of employees, and data subject categories — and
how does the system use this information to recommend
applicable privacy laws and compliance frameworks in
PrivacyCentral? |
|
★ New UserStep 3
Adding Company Affiliates, Business Units & Departments
|
I need to build out our full organizational structure
in Organization Hierarchy. Explain the difference between
a Company Affiliate, a Business Unit, and a Department,
when to use each entity type, and how to add them to
the hierarchy using the (+) icon. Walk me through how
to use the Autofill button to pre-populate a new entity
from its parent, and explain what the tier labels mean
and how to rename them. |
|
★ New UserStep 4
Assigning Users to Entities
|
I need to assign team members to the correct entities
in Organization Hierarchy so they have access to the
right records in Data Mapping & Risk Manager and
PrivacyCentral. Walk me through how to add users to an
entity using the person icon on the entity card, explain
how parent-entity membership automatically grants access
to child entities, and tell me how to use CSV bulk import
to assign users at scale. |
|
★ New UserStep 5
Linking Org Hierarchy to DMRM Records
|
Now that I have built our Organization Hierarchy, how
do I connect it to our Data Mapping & Risk Manager
records? Walk me through setting the Owned By field on
Business Process, System, and Third-Party records to
the correct Company Affiliate, Business Unit, or Department.
Explain why owning entity assignment matters for filtering
records, generating scoped Article 30 reports, and organizing
our data inventory by business function. |
|
⚡ Advanced
Bulk CSV Import — Scaling the Hierarchy
|
Our organization has a complex hierarchy with dozens
of entities across multiple regions. Walk me through
using the CSV bulk import feature in Organization Hierarchy
to add and update entity records at scale. What fields
are required in the CSV template, how do I map parent-child
relationships in the file, and what validation steps
should I run after the import to confirm the hierarchy
is structured correctly? |
|
⚡ Advanced
Record-Level Access Control via Org Hierarchy
|
I want to restrict which users can view and edit specific
records in Data Mapping & Risk Manager based on their
Organization Hierarchy membership — for example, limiting
the IT department to only seeing IT-related Business
Process and System records. Walk me through enabling
this access control feature (including the requirement
to contact TrustArc Support), configuring the custom
permission group with the Org attribute, and adding entities
to the access field on Hub records. Explain the key limitations
— especially the Creator and Collaborator edge cases
— so I can plan the rollout correctly. |
|
⚡ Advanced
Scoping Article 30 ROPA Reports by Company Affiliate
|
We need to generate separate Article 30 ROPA reports
for individual Company Affiliates to share with the relevant
national Data Protection Authorities. Using the Organization
Hierarchy owning entity structure in Data Mapping &
Risk Manager, walk me through generating a scoped Article
30 report for a specific Company Affiliate. Explain the
difference between the global default report and the
DPA-scoped option, what appears in the Overview section
of the scoped report, and how Joint Controllers are handled
differently when a specific affiliate is selected. |
|
⚡ Advanced
Data Subject Inheritance from Entity to System Records
|
I want to configure our Organization Hierarchy entities
so that when a Company Affiliate is set as the owner
of a System inventory record in Data Mapping & Risk
Manager, the data subjects and locations configured at
the entity level are automatically offered for inheritance
into the system record. Walk me through enabling the
law applicability rules setting on the entity, configuring
data subjects and locations in Organization Hierarchy,
and accepting the inheritance offer when setting the
Owned By field on a System record. |
|
⚡ Advanced
Cross-Product Hierarchy Audit — DMRM, PrivacyCentral
& Assessment Manager
|
We have recently restructured our Organization Hierarchy
after a corporate reorganization. Walk me through auditing
the downstream impact across TrustArc products: (1) in
Data Mapping & Risk Manager, identify all Business
Process, System, and Third-Party records whose Owned
By entity no longer exists or has been renamed; (2) in
Assessment Manager, identify assessments whose Owning
Entity is stale or unassigned; (3) in PrivacyCentral,
confirm that org unit filters still return the correct
scoped compliance data. Generate a remediation checklist
I can use to realign all affected records to the updated
hierarchy. |