Ask Arc Prompt Library

Ask Arc Prompt Library — TrustArc

TrustArc Ask Arc  ·  AI Assistant

Ask Arc Prompt Library

A curated collection of ready-to-use prompts for Ask Arc, the AI assistant built into TrustArc. Organized by product, from New User onboarding steps through to Advanced analysis.

How to use

  1. Copy any prompt below
  2. Log in to TrustArc
  3. Click the Ask Arc button (top-right corner)
  4. Paste into the chat and send
general

General & Reporting

⭐ 10 New User  |  ⚡ 10 Advanced
★ New User prompts follow a recommended setup sequence  ·  ⚡ Advanced prompts are for experienced users seeking deeper analysis
Tag & Topic Ask Arc Prompt
New UserStep 1
Getting Started — What Can Arc Do?
What can you help me with as an AI assistant inside TrustArc? Give me a tour of your capabilities — including what types of questions you can answer, what reports you can generate, what data you can analyze across TrustArc products, and the best way to phrase prompts to get the most useful responses.
New UserStep 2
Privacy Programme Status — Quick Summary
Give me a quick summary of the current status of our privacy programme across TrustArc. How complete is our data inventory, how many assessments are in progress or overdue, what is our current compliance score, and are there any open data subject requests that need attention? Present this as a one-page snapshot I can share with my manager.
New UserStep 3
Explain a Privacy Term or Concept
Explain what [INSERT TERM — e.g., DPIA, legitimate interests, data minimization, sub-processor, pseudonymization] means in plain language. Give me a practical example of how it applies to our privacy programme in TrustArc and tell me which product or feature I should use to manage this requirement.
New UserStep 4
Generate a Simple Summary Report
Generate a simple summary report of our current privacy programme activity. Include: the number of vendors and systems in our data inventory, the number of assessments completed this quarter, our current compliance progress percentage, and the number of open data subject requests. Present it in a clean, easy-to-read format.
New UserStep 5
What Should I Prioritize This Week?
Based on everything you can see in TrustArc right now — overdue assessments, low compliance scores, missing data in records, and open DSR deadlines — what are the top five things I should prioritize completing this week? Rank them by compliance risk and give me a brief reason for each.
New UserStep 6
Explain a Regulatory Requirement
Explain the key requirements of [INSERT REGULATION — e.g., GDPR, CCPA, DPDPA, LGPD, PIPEDA] in plain language. What are the most important obligations for a company like ours? Which TrustArc products help us meet each obligation, and where should I start?
New UserStep 7
Create a Visual Summary of My Data
Using the data available across TrustArc, create a visual summary of our privacy programme. Include a chart or graphic showing the breakdown of vendors by risk level, the status of our assessments, and our compliance scores across active frameworks. Make it clear and suitable for sharing with a non-technical audience.
New UserStep 8
What Are My Biggest Compliance Risks Right Now?
Looking across all TrustArc products, what are our biggest compliance risks right now? Consider overdue assessments, high-risk vendors with no assessment on file, missing legal bases in our data inventory, open DSRs approaching their deadline, and any compliance controls flagged as non-compliant. Summarize the top risks in priority order.
New UserStep 9
Draft a Privacy Update for My Team
Draft a short internal privacy update email I can send to my team this week. Summarize what we have accomplished in TrustArc recently, what key deadlines or tasks are coming up, and any important regulatory changes we should be aware of. Keep the tone professional and concise — suitable for a weekly team communication.
New UserStep 10
How Do I Get the Most Out of Arc?
What are your top tips for getting the best results when using Arc? Explain how to write effective prompts, what context helps you give better answers, which types of questions you answer best, and any limitations I should be aware of. Give me five example prompts that demonstrate what you are most capable of doing.
Advanced
Executive Privacy Programme Dashboard — Board-Ready
Build a comprehensive executive-level privacy programme dashboard drawing on all available data in TrustArc. Include: overall compliance scores by framework, high-risk vendors and systems with no completed assessment, open DSR volume and deadline performance, data inventory completeness, and key regulatory changes flagged in the last 30 days. Format as a board-ready one-page visual with traffic-light status indicators.
Advanced
Quarterly Privacy Report — Leadership Package
Generate a complete quarterly privacy programme report for leadership covering the last three months. Include: assessments initiated, completed, and approved; compliance score movement by framework; DSR volume, type breakdown, and fulfilment rate; new vendors onboarded and their risk classification; and any regulatory changes that affected our programme. Present as a polished executive package with charts and a key takeaways section.
Advanced
Year-in-Review — Annual Privacy Programme Summary
Produce a year-in-review summary of our privacy programme for the past 12 months. Cover all major accomplishments: records added to the data inventory, assessments completed and risks remediated, compliance scores improved, DSRs fulfilled, consent records captured, and regulatory changes we responded to. Include a visual timeline of key milestones and a forward-looking section on priorities for the year ahead.
Advanced
Regulatory Landscape Snapshot — All Active Jurisdictions
Generate a regulatory landscape snapshot covering all jurisdictions where we currently process personal data. For each jurisdiction, summarize the applicable privacy law, our current compliance status, any upcoming regulatory changes flagged in Nymity Research, and the top three actions we need to take to improve our standing. Present as a table formatted for executive review.
Advanced
Cross-Product Risk Heatmap — Programme Gaps
Create a risk heatmap across all TrustArc products showing where our privacy programme has the highest concentration of unresolved risk. Plot risk by product area — data inventory completeness, assessment coverage, compliance control gaps, DSR fulfilment delays, and consent record quality. Highlight the three areas that require the most urgent attention and suggest immediate remediation actions for each.
Advanced
Privacy KPI Scorecard — Custom Metrics
Build a privacy KPI scorecard for our programme using data from across TrustArc. Include the following metrics: percentage of vendors with a completed risk assessment, ROPA completeness score, average DSR response time vs. statutory deadline, compliance control effectiveness percentage, percentage of business processes with a completed DPIA where required, and consent opt-in rate trend. Present as a scorecard with RAG (Red/Amber/Green) status for each KPI.
Advanced
Trend Analysis — 12-Month Programme Performance
Analyze how our privacy programme has performed over the past 12 months across all TrustArc products. Show trend lines for: compliance score movement, assessment completion rate, DSR volume and fulfilment speed, vendor risk profile changes, and consent opt-in rate. Identify where we are improving and where performance has stalled or declined. Generate an executive-ready visual suitable for board presentation.
Advanced
Privacy Programme Gap Analysis — Custom Framework
Conduct a comprehensive gap analysis of our privacy programme against best-practice privacy programme management standards. Evaluate our maturity across five dimensions: (1) Data Inventory & Mapping, (2) Risk Assessment Coverage, (3) Regulatory Compliance Monitoring, (4) Individual Rights Fulfilment, and (5) Consent & Preference Management. For each dimension, assign a maturity rating, summarize the evidence from TrustArc data, and recommend the specific next steps to advance our programme.
Advanced
Regulatory Change Digest — Action-Oriented Briefing
Using the latest regulatory intelligence available, generate an action-oriented regulatory change digest for the current month. For each significant development, provide: the jurisdiction and law affected, a plain-language summary of what changed, which of our TrustArc records or compliance controls are impacted, and the specific action we need to take with a suggested deadline. Format as a briefing document I can share with the privacy team.
Advanced
Privacy Accountability Report — External Stakeholder Version
Draft a privacy accountability report suitable for sharing with external stakeholders — including customers, partners, or regulators. Cover: the scope of our privacy programme, the frameworks and laws we are actively managing compliance against, our assessment and risk management practices, how we handle data subject rights, our consent management approach, and any independent evidence of our compliance commitment. Keep the language clear, credible, and free of internal jargon.
dmrm

Data Mapping & Risk Manager

⭐ 10 New User  |  ⚡ 13 Advanced
★ New User prompts follow a recommended setup sequence  ·  ⚡ Advanced prompts are for experienced users seeking deeper analysis
Tag & Topic Ask Arc Prompt
New UserStep 1
Platform Orientation & Setup Order
I have just started using Data Mapping & Risk Manager. Walk me through the recommended setup sequence — starting with Company Affiliates, then Third-Party vendors, then Systems, then Business Processes — and explain why each layer matters for building a complete and audit-ready data inventory.
New UserStep 2
Company Affiliates Setup
Help me set up our Company Affiliates in Data Mapping & Risk Manager. Explain what a Company Affiliate record represents, what information I need to configure for each affiliate (including jurisdiction and DPO details), and why this foundation is critical before creating any other records.
New UserStep 3
Vendor Onboarding — Best Approach
I need to add my vendors to Data Mapping & Risk Manager. Compare the three onboarding methods — manual entry, bulk CSV import, and AI-assisted record creation — and recommend the best approach for my situation. Walk me through the chosen method step by step and tell me what information I will need for each vendor record.
New UserStep 4
System Records Setup
Guide me through creating System records in Data Mapping & Risk Manager. Explain what a System record captures (including the IT systems and applications that process personal data), how to link systems to the correct Company Affiliate, and which fields are most important to complete first.
New UserStep 5
Business Process Records
I need to create my first Business Process record in Data Mapping & Risk Manager. Walk me through the three available template types, the eight-step creation workflow, and the key fields I must complete — including data elements, processing purposes, legal bases, and retention periods — to make the record compliance-ready.
New UserStep 6
Data Elements & Legal Bases Audit
Review all Business Processes in Data Mapping & Risk Manager and show me which ones are missing a legal basis, processing purpose, or defined retention periods. Present the gaps in a prioritized table so I know exactly which records to complete first.
New UserStep 7
Data Transfer Mapping
Show me all international data transfers recorded in Data Mapping & Risk Manager, including the transfer mechanism used for each (e.g., Standard Contractual Clauses, Adequacy Decision, Binding Corporate Rules). Flag any transfers that are missing a valid mechanism and are therefore potentially non-compliant with GDPR Chapter V.
New UserStep 8
Understanding Risk Scoring
Explain the three dimensions of risk scoring in Data Mapping & Risk Manager — Data Processing Risk, Data Transfer Risk, and AI Risk. For each dimension, explain what Inherent Risk, Assessment Risk, and Residual Risk mean in practice, and show me which of my current records have the highest overall risk scores.
New UserStep 9
ROPA — Article 30 Report Generation
I need to produce my first Record of Processing Activities (ROPA) under GDPR Article 30. Using my current data in Data Mapping & Risk Manager, generate both a Controller Report and a Processor Report. Highlight any business processes that are missing required fields such as legal basis, data elements, or retention periods before I download the report.
New UserStep 10
Revalidation & Data Freshness Schedule
Which vendor records, system records, or business processes in Data Mapping & Risk Manager are past their revalidation date or have not been reviewed in the last 12 months? List them in priority order and suggest a revalidation schedule I can use to keep my data inventory current and audit-ready.
Advanced
International Data Transfer Mechanism Validation
Review all Business Process and System records in Data Mapping & Risk Manager that have a Data Transfer Risk score of High or Medium. For each record, identify whether an International Data Transfer Impact Assessment has been completed and whether a Residual Data Transfer Risk score has been calculated. List any records missing a completed transfer mechanism and generate a remediation plan.
Advanced
Sub-Processor Chain Mapping & Article 28
I need to map my sub-processor chain for GDPR Article 28 compliance. In Data Mapping & Risk Manager, identify all Third-Party records assigned the 'Sub-Processor' role, show me which Business Process records they are linked to, and confirm they appear correctly in the Sub-Processors section of the corresponding Article 30 reports.
Advanced
Vendor Risk — Executive Geography Report
List all the vendors having high inherent risk levels for whom we haven't conducted any risk assessments. I also want to view a report geography-wise with risk rating for all the vendors in my inventory. This report is for the executives team. So generate the image in such a way that resonates with them.
Advanced
Vendor Security Mapping to GDPR Article 32
What security measures do my vendors have documented in Data Mapping & Risk Manager? Map those measures against GDPR Article 32 requirements and identify all vendors that are non-compliant. Include the specific reasons for non-compliance for each vendor.
Advanced
Bulk AI Record Creation for Vendor Onboarding
Walk me through using the Bulk AI Record Creation feature in Data Mapping & Risk Manager to rapidly onboard a new set of third-party vendors. Explain how to trigger AI Autofill to auto-populate record fields, how to verify suggested data before creation, and what quality checks I should run after the records are created.
Advanced
AI Systems Inventory & EU AI Act Readiness
How many systems in my Data Mapping & Risk Manager inventory are currently flagged as using Artificial Intelligence? For each AI system, show me the AI Risk score and whether an AI Risk Assessment has been completed in Assessment Manager. Identify any gaps that create EU AI Act compliance exposure.
Advanced
Three-Dimensional Risk Score Analysis
For our upcoming regulatory audit, generate a consolidated risk view across all three risk dimensions in Data Mapping & Risk Manager — Data Processing Risk, Data Transfer Risk, and AI Risk. For each Business Process record, show the Inherent Risk, Assessment Risk, and Residual Risk scores, and flag any records where residual risk remains High after controls have been applied.
Advanced
Automation Rules for Risk-Based Assessment Routing
Help me design Automation Rules in Data Mapping & Risk Manager that implement risk-tiered assessment routing: (1) mark records with no high-risk indicators as Not Required, (2) route records with one risk factor to a PIA template, and (3) route records with two or more risk factors to a DPIA template. Scope the rules to our EU entities.
Advanced
Data Retention Compliance Across Jurisdictions
Verify that all System and Business Process records in Data Mapping & Risk Manager have data retention periods configured at the data element level. Show me any records missing retention periods and generate a comprehensive retention schedule report covering all jurisdictions where we process personal data.
Advanced
Business Process Privacy Report & Article 28
Generate a privacy report for my Employee Onboarding business process in Data Mapping & Risk Manager and produce an Article 28 report. Compare the data captured against GDPR requirements, identify all compliance gaps, and recommend specific remediation steps to achieve full GDPR compliance.
Advanced
Data Elements Breach Risk Analysis — Executive Image
Analyse the data elements involved across all Business Processes in Data Mapping & Risk Manager against known breach risk profiles to suggest severity ratings for each. Present the results in a compelling image suitable for executive team presentation.
Advanced
TIA — Laws & Practices Relevant to Transfer (Initial Assessment)
Identifying laws and practices relevant in light of all circumstances of the Transfer Impact Assessment to [Insert Country] from the EU.
Advanced
TIA — Government Access, Surveillance & National Security (Follow-Up)
Focus on Government Access, Surveillance & National Security Considerations.
assessment

Assessment Manager

⭐ 10 New User  |  ⚡ 10 Advanced
★ New User prompts follow a recommended setup sequence  ·  ⚡ Advanced prompts are for experienced users seeking deeper analysis
Tag & Topic Ask Arc Prompt
New UserStep 1
Assessment Types Explained
I am new to Assessment Manager. Explain the difference between a Mini PIA, a full PIA, a DPIA, a Vendor Risk Assessment, a Transfer Impact Assessment (TIA), and an AI Risk Assessment. For each type, tell me when I should use it, which regulatory frameworks require it, and what the key outputs are.
New UserStep 2
DPIA Trigger Identification
Review the business processes and systems in Data Mapping & Risk Manager and identify which ones are likely to require a Data Protection Impact Assessment (DPIA) under GDPR Article 35. Explain the trigger criteria for each flagged record and tell me which assessments I should prioritize launching first in Assessment Manager.
New UserStep 3
First Assessment Setup
I need to create my first Privacy Impact Assessment (PIA) in Assessment Manager. Walk me through the complete setup process: configuring assessment details, assigning managers and respondents, setting reminder notifications, and launching the assessment so respondents can begin completing it.
New UserStep 4
Assessment Status Dashboard
Give me a complete status overview of all assessments currently in Assessment Manager. Break them down by status — Not Started, In Progress, Pending Approval, Approved, Failed — and tell me which ones are overdue or approaching their due date so I can take immediate action.
New UserStep 5
Vendor Risk Assessment Prioritization
I need to prioritize which vendors to assess first in Assessment Manager. Using the vendor records in Data Mapping & Risk Manager, rank all vendors that currently have no completed assessment by their inherent risk score and tell me which assessment type is most appropriate for each vendor.
New UserStep 6
Overdue & Stalled Assessments
Which assessments in Assessment Manager have been In Progress for more than 30 days without any updates? List the assessment name, assigned respondent, and how many days it has been stalled. Suggest specific actions to get each one moving toward completion.
New UserStep 7
Risk Score Analysis
For all completed assessments in Assessment Manager, compare the inherent risk score against the residual risk score. Show me which assessments have the greatest gap between the two scores, and identify any assessments where residual risk remains high despite controls being in place — these represent our highest ongoing compliance exposure.
New UserStep 8
Remediation Task Tracking
Show me all open remediation tasks generated from completed assessments in Assessment Manager. Group them by assessment, identify which tasks are overdue, and summarize the key compliance risks that remain unresolved so I can build an action plan for the privacy team.
New UserStep 9
AI Risk Assessment — Getting Started
I have systems in my Data Mapping & Risk Manager inventory that use Artificial Intelligence. Which of those systems require an AI Risk Assessment in Assessment Manager? Explain the specific risks evaluated in the AI Risk Assessment template and help me prioritize which systems to assess first based on their current AI risk score.
New UserStep 10
Transfer Impact Assessment (TIA)
Which of my international data transfers in Data Mapping & Risk Manager do not yet have a completed Transfer Impact Assessment (TIA) in Assessment Manager? List them by destination country, flag the highest-risk transfers, and explain what a TIA must cover under GDPR Chapter V requirements.
Advanced
DPIA / Article 35 Report Generation
I need to generate a GDPR Article 35 DPIA report from Assessment Manager for a high-risk processing activity. Walk me through completing the DPIA Controls Assessment through to Approved state, then downloading the Article 35 Report. What does the report contain in terms of Inherent Risk, Residual Risk, and control effectiveness data?
Advanced
Inherent vs. Residual Risk — Programme Cohort Analysis
Using the Assessment Manager dashboard, help me compare Inherent Risk against Residual Risk across our entire DPIA programme. Identify which business units still carry unacceptably high residual risk after controls, and generate an executive-level risk reduction trend report showing quarter-over-quarter improvement.
Advanced
Control Effectiveness Chart — Programme Governance
Walk me through interpreting the Control Effectiveness Chart on the Assessment Manager dashboard. Explain the 80% target threshold, how it is calculated from completed assessment responses, and how I should use this metric in our quarterly privacy governance review to identify processing activities falling below acceptable control thresholds.
Advanced
Auto-Assessment Cascading & Threshold Triggers
I want to configure an Auto-Assessment cascade in a custom template so that when a respondent answers a high-risk question affirmatively, a follow-on DPIA is automatically triggered. Walk me through setting up the cascade condition at the template section level, how the triggered assessment is created, and the key caveats I need to manage.
Advanced
Tiered Approver Chains & Escalation Workflows
Our privacy programme requires a two-tier approval chain for DPIAs — business unit managers at Tier 1 and the DPO at Tier 2. Configure this in Assessment Manager, explain the majority-rule logic, confirm Tier 2 can only act after Tier 1 is complete, and show me how to measure approval turnaround times for board reporting.
Advanced
Assessment Revalidation Scheduling
We need to implement an annual revalidation programme for all approved assessments in Assessment Manager. Explain how to configure revalidation schedules, the difference between Revalidate Now and Revalidate as Scheduled, how to pre-configure revalidation stakeholders, and how to view upcoming revalidation due dates across the entire assessment portfolio.
Advanced
Bulk Assessment Programme via Smart URLs
We need to roll out a vendor risk assessment programme to 200 third-party respondents efficiently. Explain how to use Assessment Configurations to standardize workflow and email settings across multiple assessments, and how to generate Smart URLs so individual vendors can trigger their own assessment without requiring manual setup each time.
Advanced
Overall Programme Strategy — GDPR, CCPA & PIPEDA
Using data from Data Mapping & Risk Manager and Assessment Manager, analyze available information to identify gaps in my privacy programme against GDPR, CCPA, and PIPEDA requirements. Develop executive-ready visuals including a consolidated summary graphic to clearly communicate findings and recommended action plans to the board.
Advanced
Compliance Maturity — 60-Day Snapshot
Based on the privacy landscape data in Data Mapping & Risk Manager and Assessment Manager over the past two months, determine our current GDPR compliance maturity level. Provide a prioritized set of immediate steps to improve the maturity score and a roadmap showing what achieving the next maturity level would require.
Advanced
Board-Level Assessment Programme Metrics
Using Assessment Manager data, generate a board-level privacy programme report showing: total assessments by type and status, average time from initiation to approval, inherent vs. residual risk reduction over the past year, the percentage of high-risk records with completed DPIAs, and all open remediation tasks categorized by business unit and severity.
privacycentral

PrivacyCentral

⭐ 10 New User  |  ⚡ 12 Advanced
★ New User prompts follow a recommended setup sequence  ·  ⚡ Advanced prompts are for experienced users seeking deeper analysis
Tag & Topic Ask Arc Prompt
New UserStep 1
Platform Orientation
I am setting up PrivacyCentral for the first time. Give me an orientation of the key sections — Programme Overview, Tasks, Controls, Evidence, Attestations, and Regulatory Monitoring — and explain what I should configure first to start building a meaningful compliance programme.
New UserStep 2
Law & Framework Selection
Based on our company's operating jurisdictions and industry sector, which privacy laws and regulatory frameworks should I select to monitor in PrivacyCentral? Recommend the most relevant laws for a company operating in [REGIONS / INDUSTRY] and explain the key obligations each one imposes.
New UserStep 3
Understanding Compliance Scores
Explain the difference between the Compliance Progress percentage and the Control Effectiveness percentage shown in PrivacyCentral. How is each score calculated, what does each one tell me about the health of our programme, and which actions will have the greatest positive impact on improving both metrics?
New UserStep 4
First Compliance Gap Assessment — GDPR
Run a full compliance gap assessment for GDPR using PrivacyCentral. Show me every control where we are currently non-compliant or partially compliant, group the gaps by compliance area, and provide a recommended remediation roadmap with estimated effort for each gap.
New UserStep 5
Priority Task Identification
Using PrivacyCentral, show me all open compliance tasks ranked by their Effectiveness Impact score. Which tasks, if completed today, would have the greatest positive impact on our overall compliance scores? Give me a prioritized 30-day action plan.
New UserStep 6
Regulatory Change Monitoring
What regulatory changes have occurred in the last 90 days that affect the frameworks I am monitoring in PrivacyCentral? Summarize each change, identify which of our compliance controls may be impacted, and tell me what actions I need to take to stay current.
New UserStep 7
Uploading & Mapping Evidence
I have compliance evidence documents ready to upload to PrivacyCentral. Walk me through the process of uploading documents and using the AI Evidence Analyzer to map each document to the relevant compliance controls. Show me which controls currently have no evidence attached and are therefore at risk of failing an audit.
New UserStep 8
CCPA / CPRA Compliance Review
Using PrivacyCentral, provide a full compliance status review for CCPA/CPRA. For each compliance control, indicate whether we are compliant, partially compliant, or non-compliant. Flag any controls related to consumer rights, opt-out mechanisms, or data sale and sharing that require immediate attention.
New UserStep 9
Multi-Framework Overlap Analysis
I am managing compliance against GDPR, CCPA, and PIPEDA simultaneously in PrivacyCentral. Which compliance controls overlap across all three frameworks so I can address them once and satisfy multiple requirements? Show me the overlapping controls in a table and estimate the compliance coverage I gain from completing each one.
New UserStep 10
Compliance Programme Summary for Leadership
Generate a board-ready compliance programme summary using PrivacyCentral data. Include: the number of laws in scope, overall compliance progress and control effectiveness scores per framework, the number of open versus remediated tasks, and a traffic-light status overview that leadership can review at a glance.
Advanced
Multi-Framework Gap Analysis — GDPR, CCPA, DPDPA, LGPD
Using PrivacyCentral, run a simultaneous compliance gap analysis across GDPR, CCPA, India DPDPA, and Brazil LGPD. For each framework, identify controls that are non-compliant or partially compliant, highlight controls that satisfy requirements across multiple frameworks (Common Controls), and generate an executive summary showing our global compliance posture.
Advanced
AI Evidence Analyzer — Evidence Gap Mapping
I have uploaded a batch of compliance evidence documents to PrivacyCentral. Use the AI Evidence Analyzer to assess each document and show me which controls receive an Excellent, Good, Fair, Poor, or Unaddressed coverage score. Identify the controls with the weakest evidence coverage and recommend the specific documentation I need to gather to close the gaps.
Advanced
Attestation & Assurance Programme Reporting
I need to prepare a formal attestation report for our GDPR compliance programme in PrivacyCentral. Show me which controls currently have attestations completed by assigned attestors, which are still pending, and which controls are at risk of failing an external audit due to insufficient evidence or low effectiveness scores. Generate an attestation readiness summary.
Advanced
Task Prioritization by Effectiveness Impact Score
Using PrivacyCentral, analyze all open compliance tasks and sort them by Effectiveness Impact score. Show me the top 20 tasks that would deliver the greatest improvement to our control effectiveness percentage if completed. For each task, include the associated law, the control it relates to, and the estimated effort level.
Advanced
Regulatory Change Impact Assessment
A significant regulatory update has just been published for [JURISDICTION / FRAMEWORK] in PrivacyCentral. Identify exactly which of our existing compliance controls are affected by this change, show me the current status of those controls, and generate an impact assessment report with a prioritized remediation plan to restore compliance.
Advanced
Jurisdiction Comparison — Requirements in Scope
Compare the regulatory requirements across the jurisdictions in scope for our programme in PrivacyCentral. For each jurisdiction, cite the authoritative regulatory source, identify where our existing policies and controls already satisfy the requirements, and clearly show where gaps remain so we can build a targeted remediation plan.
Advanced
Quarter-Over-Quarter Compliance Drift Analysis
Using the compliance history data in PrivacyCentral, compare our compliance progress scores for each selected framework across the last four fiscal quarters. Identify any frameworks where our compliance score has declined, investigate the root cause (e.g., new requirements added, tasks not completed, evidence expired), and recommend corrective actions.
Advanced
Compliance Achievement Report — Board Package
Build a comprehensive board-level compliance achievement report for [COMPANY NAME] using PrivacyCentral. Include: the number of laws and frameworks assessed, total controls evaluated and percentage compliant, tasks created and remediated by quarter since [START DATE], key compliance milestones achieved, and a forward-looking roadmap for the next two quarters. Format for executive presentation.
Advanced
External Audit Readiness Assessment
Our company is preparing for an external privacy audit in 90 days. Using PrivacyCentral, assess our audit readiness by reviewing: control effectiveness scores across all in-scope frameworks, evidence coverage quality scores from the AI Evidence Analyzer, pending attestations, and open high-priority tasks. Generate a prioritized audit preparation checklist with specific actions, owners, and suggested completion dates.
Advanced
Recent Regulatory Developments — GDPR, CCPA & DPDPA Compliance Standing
Summarize the recent privacy developments related to GDPR, CCPA, and DPDPA and show me where my company stands in compliance based on the information in PrivacyCentral. For each development, identify the affected controls and tell me which tasks I need to complete to restore or maintain compliance.
Advanced
Compliance Trigger Criteria & Verification Walkthrough
Walk me through the trigger criteria for our key compliance controls in PrivacyCentral, cite the relevant regulatory authority for each, and analyze whether my company has already fulfilled each requirement based on the existing information in PrivacyCentral. Flag any controls where fulfillment is uncertain or evidence is missing.
Advanced
PrivacyCentral Programme Highlights — Quarterly Achievement Report
Build highlights of everything we have accomplished in the TrustArc PrivacyCentral platform: how many laws we have assessed, how many tasks have been created and remediated, key compliance milestones achieved, and a compelling usage story. Break down the accomplishments by fiscal year quarters starting in [MONTH / YEAR] and generate the report as a PDF.
nymity

Nymity Research

⭐ 10 New User  |  ⚡ 14 Advanced
★ New User prompts follow a recommended setup sequence  ·  ⚡ Advanced prompts are for experienced users seeking deeper analysis
Tag & Topic Ask Arc Prompt
New UserStep 1
Platform Orientation
I am using Nymity Research for the first time. Give me an orientation of the key sections — Law Library, Topics, Enforcement Database, Breach Index, MoFo Notes, and Privacy Watch — and explain what each section contains. Recommend the best starting point for a privacy programme manager who needs to understand the laws applicable to our business.
New UserStep 2
Identifying Applicable Laws
My company processes personal data of residents in [COUNTRY LIST]. Using Nymity Research, identify all privacy laws that apply to our operations in those countries. For each law, tell me whether my company is a data controller, processor, or both, and highlight the three most critical obligations I need to address first.
New UserStep 3
Law Library — Jurisdiction Deep-Dive
Using Nymity Research, give me a comprehensive overview of the key privacy law requirements that apply in [JURISDICTION]. Cover the law's scope, obligations on data controllers and processors, consumer or data subject rights established, enforcement authority, and the penalties for non-compliance.
New UserStep 4
Breach Notification Requirements
Using the Nymity Research Breach Index, show me the breach notification requirements for [COUNTRY / JURISDICTION]. Include: the definition of a notifiable breach, the notification timeline to the supervisory authority, whether individual notification to affected data subjects is required, and any exemptions that apply.
New UserStep 5
Recent Enforcement Actions — Key Lessons
Using Nymity Research, show me the five most significant enforcement actions issued in the last 12 months across any jurisdiction. For each action, summarize the violation, the fine amount, the issuing regulatory authority, and the key compliance lesson my organization should take away to avoid a similar outcome.
New UserStep 6
Regulatory Alerts — What's New This Month
Using Nymity Research, what are the most significant privacy law developments and regulatory changes published in the last 30 days? Summarize each development, identify which of our monitored jurisdictions are affected, and flag any that require immediate action on our part.
New UserStep 7
GDPR Guidance — Legal Basis Deep-Dive
Using Nymity Research Topics, give me a comprehensive summary of current regulatory guidance on legitimate interests as a legal basis under GDPR. Include relevant EDPB opinions, key enforcement precedents, and the specific criteria my organization must satisfy to lawfully rely on this basis.
New UserStep 8
Cross-Border Data Transfer Rules Comparison
Using Nymity Research, compare the cross-border data transfer mechanisms available under GDPR, UK GDPR, and Brazil's LGPD. Present the comparison in a table showing which mechanisms are recognized under each law, any conditions that apply, and which mechanism is most widely used in practice.
New UserStep 9
Sector-Specific Privacy Requirements
Using Nymity Research, identify any sector-specific privacy requirements that apply to our company operating in [INDUSTRY — e.g., healthcare, financial services, education, children's platforms] across our key jurisdictions. Highlight any sector requirements that go beyond the general privacy law obligations and explain what we need to do differently to comply.
New UserStep 10
Setting Up Daily Compliance Alerts
I want to configure Nymity Research to send me daily compliance alerts for the jurisdictions and topics most relevant to our business. Walk me through how to set up My Countries and configure Daily Compliance Alerts so that I receive timely notifications of regulatory changes that could affect our privacy programme.
Advanced
Enforcement Trend Analysis — Annual Executive Report
Using Nymity Research enforcement data, generate a comprehensive annual enforcement trend analysis for the previous calendar year. Show total enforcement actions by region, the top 10 largest fines with the violation type for each, the most common violation categories globally, year-over-year trend comparisons, and key takeaways for our privacy programme. Format as an executive report suitable for the board.
Advanced
Multi-Regulator Enforcement Comparison
Using Nymity Research, compare enforcement patterns across the five most active data protection authorities — ICO, CNIL, BfDI, the Irish DPC, and the FTC. For each authority, show enforcement volume, average fine amounts, most common violation types, and the sectors most frequently targeted. Identify which authority represents the greatest regulatory risk for our business operations.
Advanced
Breach Index — Incident Response Planning
Using the Nymity Research Breach Index, create a comprehensive incident response reference document covering all jurisdictions where we process personal data. For each jurisdiction, capture: the breach notification threshold, the supervisory authority to notify, the notification timeline, whether individual notification is required, and any safe harbor exemptions. Present in a table format our legal team can use during a live incident.
Advanced
MoFo Notes — Legal Interpretation of Ambiguous Requirements
Using Nymity Research MoFo Notes, give me a legal analysis of the current regulatory interpretation of [TOPIC — e.g., cookie consent, legitimate interests, automated decision-making, profiling] across EU member states. Identify where there are conflicting interpretations between national supervisory authorities and explain the most conservative compliance position we should adopt.
Advanced
AI Governance Research — Multi-Jurisdiction
Using Nymity Research, provide a comprehensive overview of AI governance and regulation requirements across the EU, US, UK, Canada, and China. For each jurisdiction, summarize the key AI-specific obligations, identify which of our AI-enabled systems or processes are in scope, and highlight the compliance gaps we need to address most urgently.
Advanced
Cross-Jurisdiction Consent Requirement Comparison
Using Nymity Research Topics, compare consent requirements across GDPR, UK GDPR, CCPA/CPRA, Brazil LGPD, India DPDPA, and Canada PIPEDA. Present a detailed comparison covering: the standard of consent required (explicit vs. implied, opt-in vs. opt-out), what information must be disclosed at the point of consent, and the consequences of invalid consent under each law.
Advanced
Data Localization Requirements by Country
Using Nymity Research, identify all countries where we transfer or store personal data that have data localization requirements. For each country, explain what data must remain in-country, any exceptions to localization, and what we need to do to comply. Flag any of our current data transfer arrangements that may violate localization rules.
Advanced
DPDPA Deep-Dive — India Compliance Obligations
Using Nymity Research, provide a detailed analysis of India's Digital Personal Data Protection Act (DPDPA) — covering scope, data principal rights, obligations on data fiduciaries and processors, the consent framework, cross-border transfer rules, breach notification requirements, the role of the Data Protection Board, and penalties for non-compliance. Map these obligations against our current privacy programme and identify the gaps.
Advanced
Privacy Law Gap Analysis — Market Expansion
Our company is planning to expand operations into [NEW COUNTRY / REGION]. Using Nymity Research, conduct a privacy law gap analysis: identify all applicable privacy laws in the target market, compare their requirements against our existing GDPR-compliant programme, and generate a gap report showing what new obligations we need to implement before we can lawfully operate in that market.
Advanced
Supervisory Authority Guidance Tracker
Using Nymity Research, show me all guidance, opinions, and recommendations issued in the last six months by the European Data Protection Board (EDPB) and the top five EU national supervisory authorities. For each guidance document, summarize the key points, identify which of our existing compliance controls it relates to in PrivacyCentral, and flag any areas where our current approach may need to be updated.
Advanced
Data Breach Definition Comparison — China, US & Europe
Using Nymity Research, how is a data breach defined in China, the United States, and Europe? Compare the definitions in a table format and indicate when a breach must be reported to a supervisory authority in each region, including the notification timeline and the applicable regulatory body.
Advanced
Unlawful Processing Assessment — Jurisdiction-Specific Analysis
My customer's data is being processed in Saudi Arabia by a vendor based there who provides me with SaaS software. I consider this to be unlawful processing. Using Nymity Research, would this also be classified as unlawful processing or a breach under Denmark's interpretation of GDPR? Provide the relevant legal basis and cite applicable guidance or enforcement precedents.
Advanced
EU Enforcement Report — Executive & CPO Visual
Using Nymity Research, generate a report fetching data from Nymity enforcements having all the details displayed in easy visuals for European regions. This is to be presented to the executive team. Additionally, generate one image for my Chief Privacy Officer to view at a glance with attractive visuals.
Advanced
India DPDPA — Data Retention Requirements
Using Nymity Research, what is India's Digital Personal Data Protection Act (DPDPA) stance on data retention? Explain the specific retention obligations, any sector-specific exemptions, the consequences of non-compliance, and how these requirements compare to GDPR Article 5(1)(e) on storage limitation.
irm

Individual Rights Manager

⭐ 10 New User  |  ⚡ 13 Advanced
★ New User prompts follow a recommended setup sequence  ·  ⚡ Advanced prompts are for experienced users seeking deeper analysis
Tag & Topic Ask Arc Prompt
New UserStep 1
DSR Request Types Explained
I am new to Individual Rights Manager. Explain the different types of Data Subject Requests I can manage — including Access, Deletion, Correction, Portability, Opt-Out, and Restriction of Processing. For each type, tell me which regulations grant this right, the typical response deadline, and what fulfillment looks like in practice.
New UserStep 2
Compliance Timeline Configuration
Walk me through how to configure the correct response deadlines (Due In Days) in Individual Rights Manager for each DSR type across GDPR, CCPA/CPRA, and other applicable jurisdictions. Explain the consequences of misconfiguring these deadlines and show me the current deadline settings for all active request workflows.
New UserStep 3
Intake Form Setup
I need to build a DSR intake form in Individual Rights Manager for our company website. Guide me through best practices for form design — including required fields, identity verification configuration, jurisdictions to cover, and how to ensure the form meets GDPR and CCPA/CPRA requirements before publishing it.
New UserStep 4
Open Requests — Compliance Risk Triage
Show me all currently open Data Subject Requests in Individual Rights Manager. Highlight any requests approaching or exceeding their compliance deadline, identify the request type and jurisdiction for each, and give me a prioritized action list to address the highest compliance risks first.
New UserStep 5
Identity Verification Review
Using Individual Rights Manager, what identity verification methods are currently configured for our DSR intake forms? Are these requirements appropriate for the jurisdictions we operate in? Compare our current setup against GDPR, CCPA/CPRA, and other applicable requirements and flag any gaps that could expose us to fraud or regulatory risk.
New UserStep 6
Request Volume & Type Breakdown
Using Individual Rights Manager, give me a breakdown of all DSR requests received in the last six months by request type (Access, Deletion, Opt-Out, etc.), by jurisdiction, and by month. Identify any notable trends such as a spike in deletion requests or an unusually high volume from a specific country or region.
New UserStep 7
Workflow Automation & Task Templates
I want to configure automated task templates in Individual Rights Manager so that when a new DSR is received, the right team members are notified and assigned tasks automatically. Walk me through how task templates with conditional logic work and suggest the ideal workflow structure for Access, Deletion, and Opt-Out request types.
New UserStep 8
GPC Signal & Automated Opt-Out
Explain how the Global Privacy Control (GPC) signal integrates with Individual Rights Manager to automatically process opt-out requests. Is our current configuration set up to honor GPC signals as required under CCPA/CPRA? What do I need to configure to ensure automated compliance is in place?
New UserStep 9
Global DSAR Executive Report
Using Individual Rights Manager, generate an executive-level report providing global insights into all Data Subject Access Requests received during fiscal year 2025 (January–December). Present the findings as a visually compelling summary suitable for board-level presentation, including volume by jurisdiction, request type breakdown, and fulfilment rate.
New UserStep 10
DSR Audit Trail & Regulatory Reporting
I need to demonstrate to regulators that we have properly handled all Data Subject Requests in the past 12 months. Using Individual Rights Manager, generate a complete audit trail report showing each request received, the actions taken, the date fulfilled, and the outcome. Flag any requests that were closed without full fulfillment.
Advanced
Cross-Jurisdictional DSR Timeline Compliance Analysis
Using Individual Rights Manager, generate a cross-jurisdictional compliance analysis comparing our DSR response performance against the deadlines required under GDPR (30 days), CCPA (45 days), LGPD (15 days), and other applicable laws. Identify any jurisdiction where we are consistently missing deadlines and calculate the potential regulatory penalty exposure for each overdue request type.
Advanced
24-Month DSR Trend Analysis — Board Reporting
Using Individual Rights Manager, generate a 24-month trend analysis of all DSR activity broken down by request type, jurisdiction, and fulfilment outcome. Identify peak periods of request volume, analyse whether specific request types are increasing year-over-year, and present the findings as a board-level risk reporting visual showing our programme maturity over time.
Advanced
Identity Verification Failure Rate & Fraud Prevention
Analyze our identity verification outcomes in Individual Rights Manager over the last 12 months. What percentage of DSR submissions failed identity verification? How many requests were flagged as potentially fraudulent? Are our current verification thresholds calibrated correctly for each request type and jurisdiction?
Advanced
Task Template Bottleneck Analysis
Analyze the task template performance data in Individual Rights Manager. Which subtasks are causing the greatest delays in our DSR fulfilment workflows? For each request type, show me the average time spent at each workflow stage, identify the steps where tasks most frequently reach Cannot Complete status, and recommend workflow restructuring to reduce average fulfilment time.
Advanced
DSR SLA Performance Dashboard
Using Individual Rights Manager, build a comprehensive SLA performance dashboard showing: average DSR response time by request type and jurisdiction, percentage of requests completed within the statutory deadline, the number and percentage of requests auto-extended due to complexity, and the top five reasons why requests miss their deadlines.
Advanced
Regulatory Penalty Risk — Overdue DSR Exposure
Using Individual Rights Manager, identify all DSR requests that are currently overdue or were closed past their statutory deadline in the last 12 months. For each overdue request, calculate the potential regulatory penalty exposure under the applicable law (e.g., GDPR Article 83, CCPA fines up to $7,500 per intentional violation). Generate a total penalty exposure summary for our legal team.
Advanced
IRM–DMRM Integration for Data Fulfilment Mapping
When fulfilling Data Subject Access Requests, our team needs to know which systems hold the data subject's personal data. Using the integration between Individual Rights Manager and Data Mapping & Risk Manager, show me which systems are linked to each active DSR and identify any systems in our DMRM inventory that are not yet connected to our IRM fulfilment workflow.
Advanced
Incident Response — GDPR Breach Notification (500K Users)
An incident has been reported involving personal data of 500,000 data subjects — including names, Social Insurance Numbers, credit card details, and credit ratings. Using Individual Rights Manager and Nymity Research, determine which regulatory authorities must be notified, the mandatory notification timelines in each jurisdiction, the required content of each notification, and all steps needed to achieve compliance and avoid penalties.
Advanced
DSR Form Compliance Review — CCPA/CPRA
Review our DSR intake form against CCPA/CPRA requirements. Identify all compliance gaps — including required disclosures, permitted verification methods, opt-out request handling, and the requirement to accept requests through multiple channels. Provide specific, actionable recommendations to remediate each gap.
Advanced
DSAR Compliance Report — Quarterly Visual
Using Individual Rights Manager, generate a single executive-level image showing our DSAR compliance report for the most recent quarter. Highlight which requests are out of compliance, which require immediate action, and include a prioritized next-steps checklist the team can act on immediately to restore full compliance.
Advanced
DSAR Volume — Germany 3-Year Analysis
Using Individual Rights Manager, how many DSAR requests were received from Germany over the past 3 years? Break the results down by year and by request type. Identify any notable trends — including year-over-year increases, the most common request type from German data subjects, and whether our response time consistently met the GDPR 30-day deadline.
Advanced
DSR Form — California Law Compliance Review & Gap Analysis
Compare my DSR intake form against California privacy laws (CCPA/CPRA) and provide detailed feedback on any compliance gaps discovered. For each gap identified, suggest specific adjustments to the form language, fields, or process to achieve full compliance with California requirements.
Advanced
Germany Incident Report — Multi-Jurisdiction Compliance & Exec Board Visuals
There has been an incident reported to my company in Germany. Using Individual Rights Manager, provide all insights from the incident reporting form and tell me what actions I need to take to be compliant across various jurisdictions — especially GDPR and CCPA. Generate executive board-level reports and visuals for easier presentation to leadership.
ccm

Cookie Consent Manager

⭐ 10 New User  |  ⚡ 11 Advanced
★ New User prompts follow a recommended setup sequence  ·  ⚡ Advanced prompts are for experienced users seeking deeper analysis
Tag & Topic Ask Arc Prompt
New UserStep 1
Platform Orientation
I am setting up Cookie Consent Manager for the first time. Walk me through the key sections of the platform — banners, cookie scanning, tracker management, location settings, and reporting — and explain what I need to configure first to get a compliant consent banner live on our website.
New UserStep 2
Cookie Scan & Categorization
Run a cookie scan on our website using Cookie Consent Manager. Show me all cookies and trackers detected, organized by category — Strictly Necessary, Performance, Functional, and Targeting/Advertising. Flag any cookies that are currently loading before consent is obtained, as this is a GDPR compliance violation.
New UserStep 3
First Banner Setup
Walk me through the full process of configuring my first cookie consent banner in Cookie Consent Manager — including selecting the banner layout, choosing between implied and expressed consent behaviors, configuring the consent categories, adding the required disclosures, and publishing the banner to our website.
New UserStep 4
GDPR vs. CCPA Banner Configuration
Explain the difference between how our cookie consent banner should be configured for GDPR visitors in the EU versus CCPA visitors in California. Do I need separate banners, or can I use Location Settings to serve different consent experiences to different audiences? Walk me through the recommended setup for both regulations simultaneously.
New UserStep 5
Auto-Block Configuration
I want to ensure no cookies load on our website before a visitor gives consent. Using Cookie Consent Manager, explain how the Auto-Block feature works and walk me through configuring it for our website. Show me which cookies are currently set to auto-block and which are not, and flag any gaps that could cause a GDPR violation.
New UserStep 6
Consent Rate Performance Review
Using Cookie Consent Manager reporting, show me the current opt-in and opt-out rates for our consent banner across all active domains. Break the data down by consent category and by geography. Identify which categories have the lowest opt-in rates and suggest ways to improve consent performance while maintaining full regulatory compliance.
New UserStep 7
Google Consent Mode v2 Setup
Our website uses Google Analytics and Google Ads. Walk me through configuring Google Consent Mode v2 in Cookie Consent Manager so that our consent signals are correctly passed to Google's systems. Explain the difference between Basic and Advanced Mode and tell me which setting is appropriate for our GDPR compliance obligations.
New UserStep 8
IAB TCF 2.2 Compliance Review
Does our current Cookie Consent Manager banner configuration comply with the IAB Transparency and Consent Framework (TCF) 2.2? Review our current setup and identify any gaps. Explain what IAB TCF 2.2 requires and what changes I need to make to achieve full compliance, including purpose mapping and vendor list management.
New UserStep 9
Multi-Domain Banner Management
Our company operates websites across multiple regions. Using Cookie Consent Manager, how should I structure our banner configurations across these domains? Should I use a single banner with Location Settings or create separate banners per region? Show me our current domain list, their active banner configurations, and any domains that are missing a compliant banner.
New UserStep 10
Tracker Rules & Custom Categorization
I have third-party trackers on our website that are not being correctly categorized in Cookie Consent Manager. Using the Tracker Rules Engine, walk me through how to create custom rules — including REGEX patterns — to properly categorize these trackers. Show me which trackers currently have no category assigned and suggest appropriate categories for each.
Advanced
Consent Rate Optimization — GDPR Compliance Report Analysis
Using Cookie Consent Manager's GDPR Compliance Report CSV, analyze our banner performance across all domains and identify specific opportunities to improve consent opt-in rates. Break down rates by consent category, geography, device type, and browser. Recommend specific changes to banner design, consent wording, or category configuration that are most likely to improve rates without compromising compliance.
Advanced
Cross-Domain Consent Synchronization
We operate multiple websites that share the same root domain and want to synchronize consent signals across them using Cookie Consent Manager's Consent UID feature. Walk me through the cross-domain consent configuration, explain the domain whitelisting requirements, and show me how to verify that consent granted on one domain is being correctly recognized on our other properties.
Advanced
IAB GPP — US State Privacy Configuration Audit
Using Cookie Consent Manager, audit our IAB Global Privacy Platform (GPP) configuration for US state privacy laws — including California (CCPA/CPRA), Virginia, Colorado, Connecticut, and Texas. For each state, verify that the correct GPP section is enabled, the MSPA mode is configured correctly, and our purpose-to-category mapping aligns with the applicable state law requirements.
Advanced
GPC & DNT Signal Reporting Audit
Using Cookie Consent Manager, generate a comprehensive report on Global Privacy Control (GPC) and Do Not Track (DNT) signal handling across our domains. Show the volume of visitors triggering each signal, how our configurable GPC handling modes are set, whether we are correctly reporting automated GPC opt-outs in the GDPR Compliance Report, and any configuration changes needed.
Advanced
Google Consent Mode v2 — Advanced Mode Validation
Our Cookie Consent Manager is configured for Google Consent Mode v2 Advanced Mode. Validate that all six consent types — analytics_storage, ad_storage, ad_user_data, ad_personalization, functionality_storage, and security_storage — are being correctly passed to Google based on our consent category mappings. Flag any misconfigured mappings.
Advanced
Tracker Rules Engine — REGEX Audit for Complex Vendors
Audit our Cookie Consent Manager Tracker Rules Engine configuration for complex third-party vendors that use dynamic URL patterns. Identify any trackers that are currently being miscategorized due to insufficient REGEX rules. Provide updated REGEX patterns for each affected tracker and explain how to apply Sub-Category Mapping for more granular control.
Advanced
Re-Consent Campaign Planning
We have updated our privacy notice and need to trigger a re-consent campaign across our website visitor base. Using Cookie Consent Manager, explain the mechanism for forcing a re-consent prompt — including consent duration settings and URL parameters — and walk me through planning a campaign that minimizes disruption to user experience while ensuring we recapture valid consent under GDPR.
Advanced
Analytics API — Custom Consent Reporting
I want to build a custom consent performance dashboard using data from the Cookie Consent Manager Analytics REST API. Walk me through the available API dimensions and metrics — including domain, session-level data, and category-level opt-in rates — and help me design a data model that will power a monthly consent performance report for our privacy and marketing teams.
Advanced
GPC Signal — California Visitors Report
Using Cookie Consent Manager, how many website visitors have enabled the Global Privacy Control (GPC) signal on our consent banner? Generate a detailed report showing the number of GPC-enabled visitors specifically from California, how our system is currently handling these signals, and whether our configuration meets CCPA/CPRA requirements for honoring GPC as a valid opt-out signal.
Advanced
Cookie Preference Confirmation — Regulatory Requirement Audit
Is there a regulatory requirement under GDPR, CCPA, or other applicable laws that our cookie consent banner must display a confirmation notice after a user accepts or rejects their preferences? Using Nymity Research, identify all relevant regulations that address this requirement and present them in a compliance table alongside our current Cookie Consent Manager configuration.
Advanced
California Consent Performance — Opt-In & Opt-Out Report
Generate a report for my cookie consent banner showing me the opt-ins and opt-outs specifically for California visitors. Break down the results by consent category, include the volume of visitors, and highlight any categories where opt-out rates are significantly higher than average. Suggest configuration changes to improve opt-in rates while staying compliant with CCPA/CPRA.
cpm

Consent & Preferences Manager

⭐ 10 New User  |  ⚡ 11 Advanced
★ New User prompts follow a recommended setup sequence  ·  ⚡ Advanced prompts are for experienced users seeking deeper analysis
Tag & Topic Ask Arc Prompt
New UserStep 1
Platform Structure — Brands, Programmes & Forms
I am new to Consent & Preferences Manager. Explain the organizational hierarchy — how Brands, Programmes, Forms, and Consent Records relate to each other. Walk me through setting up my first Brand and Programme and explain why this structure matters for managing consent across multiple marketing initiatives or regional programmes.
New UserStep 2
Building Your First Consent Form
I need to build my first consent form in Consent & Preferences Manager for our email marketing programme. Guide me through the Form Builder — including which field types to use, how to configure toggles and checkboxes, how to set the form to Active status, and how to generate a tokenized URL to embed on our website.
New UserStep 3
GDPR Consent Requirements Checklist
Review my active consent forms in Consent & Preferences Manager and assess whether each one meets the GDPR standard for valid consent — specifically: freely given, specific, informed, and unambiguous. Identify any forms where the consent mechanism does not meet the GDPR standard and tell me exactly what changes are needed.
New UserStep 4
Double Opt-In Configuration
I need to implement double opt-in for our email consent forms in Consent & Preferences Manager to comply with requirements in Germany and Austria. Walk me through configuring double opt-in, how the confirmation email is triggered, how bounced emails are logged and retried, and how to review the confirmation log to monitor completion rates.
New UserStep 5
Consent Records Audit
Show me all consent records in Consent & Preferences Manager for the last 90 days. For each record, display the data subject identifier, the form used, the consent decision (opt-in or opt-out), the timestamp, and the IP address. Flag any records missing required metadata that could undermine our ability to demonstrate valid consent under GDPR.
New UserStep 6
Marketing Platform Integration Setup
I want to sync consent data from Consent & Preferences Manager with our [PLATFORM — e.g., Salesforce / HubSpot / Marketo / Mailchimp]. Walk me through the integration setup, explain the difference between batch sync and real-time sync, and tell me which consent fields will be mapped to our CRM so that only opted-in contacts receive marketing communications.
New UserStep 7
Preference Center Setup
I want to give our customers a self-service Preference Center where they can manage their own consent and communication preferences. Walk me through the Preference Center setup in Consent & Preferences Manager, explain what options I can present to data subjects, and show me how a customer can view and update their own consent history.
New UserStep 8
Consent Withdrawal & GDPR Deletion
A data subject has requested to withdraw their consent and have their personal data deleted from our consent records. Using Consent & Preferences Manager, walk me through identifying their record, recording the withdrawal, completing the GDPR deletion, and confirming what audit trail remains after deletion so we can demonstrate compliance.
New UserStep 9
Form Versioning & Re-Consent
We have updated our privacy notice and need to re-obtain consent from existing subscribers. Using Consent & Preferences Manager, explain how form versioning works, how to publish a new version, and how to identify which data subjects consented under the old version and now need to be prompted to consent again.
New UserStep 10
Opt-In Rate Analysis & Programme Performance
Using Consent & Preferences Manager, generate an executive-level report analyzing opt-in performance across all active consent forms and programmes. Break the results down by region and identify which programme or form is generating the highest number of opt-ins. Provide recommendations for improving opt-in rates on underperforming forms while staying compliant.
Advanced
Marketing Platform Integration Performance Analysis
Using Consent & Preferences Manager Integration Logs, analyze the performance of our Salesforce / HubSpot / Marketo integration over the last 90 days. Identify any sync failures, API errors, or records that failed to transfer consent status correctly. Show me the percentage of consent records that are fully in sync across both systems and recommend configuration changes to improve sync reliability.
Advanced
Double Opt-In Completion Rate Optimization
Analyze our double opt-in completion rates in Consent & Preferences Manager for the last six months. What percentage of data subjects who submitted a consent form went on to complete the email confirmation step? Show me the bounced email log, identify patterns in why confirmations are failing, and recommend steps to improve completion rates for key markets including Germany and Austria.
Advanced
Consent Data Migration Strategy
We are migrating consent records from a legacy system into Consent & Preferences Manager. Walk me through the CSV import pre-validation process, the Change Format configuration, the migration criteria we need to set (including consent timestamp, source, and form version mapping), and how to use the Consents API for bulk migration. What quality checks should I run after migration to verify data integrity?
Advanced
Cross-Channel Consent Consistency Audit
We collect consent across multiple channels — website forms, email, mobile app, and our CRM. Using Consent & Preferences Manager, audit whether the consent status for each data subject is consistent across all channels. Identify any data subjects where consent is recorded as opted-in on one channel but opted-out on another, and recommend how to resolve these inconsistencies.
Advanced
GDPR Article 7 Consent Validity Audit
Using Consent & Preferences Manager, run a GDPR Article 7 consent validity audit across all active consent forms. For each form, verify that: consent was not pre-ticked (Default Off or Ignored state), consent was not bundled with terms and conditions acceptance, the data subject was given a genuine free choice, and the consent request was granular enough to be specific to each processing purpose.
Advanced
Regulatory Inspection — Consent Evidence Export
We are facing a potential inquiry from a data protection authority requesting evidence of our consent collection practices. Using Consent & Preferences Manager, generate a complete consent evidence package for the last 24 months: export all consent records showing the latest consent per form and brand, include IP metadata, form version at time of consent, and email delivery logs. Explain how to apply identifier masking to protect data subject privacy during the export.
Advanced
Consent Lifecycle Management — Full Journey
Map the complete consent lifecycle in Consent & Preferences Manager for a typical data subject — from initial opt-in through preference changes, re-consent events, and ultimately withdrawal or deletion. Show me the lifecycle notification events available, how CRM sync timing affects the data subject's experience, and how the platform ensures the data subject's current consent state is always reflected accurately in downstream marketing systems.
Advanced
Brand/Programme/Form Hierarchy Optimization
Our Consent & Preferences Manager instance has grown organically and the Brand/Programme/Form hierarchy no longer reflects our current marketing structure. Review our current setup and recommend a revised hierarchy that better supports our regional and product-line structure. Explain how to create new Brands and Programmes directly in the Form Builder and what the impact of restructuring will be on existing consent records.
Advanced
ICO UK GDPR — Top 3 Forms Compliance Review
Using Consent & Preferences Manager, assess whether our top three active consent forms comply with ICO UK GDPR requirements. For each form, evaluate the consent language, the opt-in/opt-out mechanism design, the granularity of consent per processing purpose, and whether the form version history demonstrates we have maintained valid consent through any policy changes. Identify specific compliance gaps and provide recommended corrective actions.
Advanced
Consent Opt-In Report — Top 3 Forms by Geography
Generate a report showing the number of users who have opted in and opted out across the top three forms in Consent & Preferences Manager. Segment the report by geography and present it in a clear, executive-friendly format suitable for sharing with leadership to demonstrate consent programme performance by region.
Advanced
Regional Opt-In Analysis — Which Programme Gets Maximum Opt-Ins
Analyze the data in Consent & Preferences Manager and generate an executive-level report showing the maximum number of opt-ins happening per region. The main purpose is to identify which programme is generating the most opt-ins overall. Include a geographic breakdown and highlight the top-performing programmes for each region.
multiproduct

Multi-Product Prompts

⭐ 10 New User  |  ⚡ 6 Advanced
★ New User prompts follow a recommended setup sequence  ·  ⚡ Advanced prompts are for experienced users seeking deeper analysis
Tag & Topic Products Used Ask Arc Prompt
New UserStep 1
90-Day Onboarding Roadmap — All Products
All TrustArc Products I have just been given access to the full TrustArc platform — including Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral, Nymity Research, Individual Rights Manager, Cookie Consent Manager, and Consent & Preferences Manager. Create a 90-day onboarding roadmap telling me which products to configure first, in what order, and what the key setup steps are for each. Prioritize the activities that will deliver the fastest compliance value and show me how each product connects to the others.
New UserStep 2
Privacy Programme Health Check
Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral, Individual Rights Manager Run a complete privacy programme health check across TrustArc. Review the completeness of my data inventory in Data Mapping & Risk Manager, the status of assessments in Assessment Manager, compliance scores in PrivacyCentral, and open DSR requests in Individual Rights Manager. Give me an overall programme health score and the top 10 actions I should take this quarter to improve it.
New UserStep 3
GDPR Readiness Report — Full Platform
Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral, Cookie Consent Manager, Consent & Preferences Manager, Individual Rights Manager Using all available TrustArc products, assess our overall readiness for GDPR compliance. Review data mapping records, completed DPIAs, PrivacyCentral compliance controls, cookie consent configuration, consent records, and DSR fulfillment history. Produce a comprehensive GDPR readiness report with a traffic-light status for each key GDPR requirement and a prioritized remediation plan.
New UserStep 4
Vendor Risk to Assessment Pipeline
Data Mapping & Risk Manager, Assessment Manager Analyze all vendor records in Data Mapping & Risk Manager and cross-reference with Assessment Manager to identify vendors with a high or critical inherent risk score that have no active or completed risk assessment. Generate a prioritized assessment pipeline showing vendor name, risk score, recommended assessment type, and suggested launch date.
New UserStep 5
Third-Party Risk — Full Lifecycle
Data Mapping & Risk Manager, Assessment Manager, Nymity Research Walk me through the complete lifecycle of managing third-party privacy risk using TrustArc — from vendor onboarding in Data Mapping & Risk Manager, through risk assessment in Assessment Manager, to checking regulatory obligations in Nymity Research. Show me the current state of our vendor risk programme and identify the biggest gaps in our third-party risk management process.
New UserStep 6
Consent & Rights Alignment Check
Consent & Preferences Manager, Individual Rights Manager, Cookie Consent Manager Review the alignment between our consent collection in Consent & Preferences Manager, our cookie consent configuration in Cookie Consent Manager, and our DSR fulfilment capability in Individual Rights Manager. Identify any gaps — for example, where we collect consent in one system but cannot honour a corresponding withdrawal request — and recommend steps to close those gaps.
New UserStep 7
Privacy by Design Review
Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral Our development team is launching a new product feature that will collect user location data. Using Data Mapping & Risk Manager, Assessment Manager, and PrivacyCentral, conduct a Privacy by Design review: determine whether a DPIA is required, identify what data elements and legal bases need to be documented, flag which compliance controls are triggered, and provide the team with a clear checklist of what must be completed before the feature can launch.
New UserStep 8
Regulatory Change Impact Assessment
Nymity Research, PrivacyCentral, Data Mapping & Risk Manager A new privacy regulation has recently been enacted or significantly updated in [JURISDICTION]. Using Nymity Research, summarize the key new obligations. Using PrivacyCentral, identify which of our compliance controls are affected. Using Data Mapping & Risk Manager, flag any business processes or data transfers that need to be updated to comply. Generate a consolidated impact assessment with a remediation plan.
New UserStep 9
Executive Privacy Dashboard
Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral, Individual Rights Manager Build an executive-level privacy dashboard drawing data from Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral, and Individual Rights Manager. Include: total vendors assessed, overall GDPR and CCPA compliance scores, number of open DSRs and their compliance status, high-risk assessments pending approval, and regulatory changes flagged in the last 30 days. Format as a board-ready one-page summary.
New UserStep 10
Engagement Summary — Account Highlights
Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral, Individual Rights Manager Build a comprehensive highlights report of accomplishments in the TrustArc platform for [CUSTOMER NAME], covering: the total number of records in Data Mapping & Risk Manager, number of completed assessments in Assessment Manager, compliance progress in PrivacyCentral, key DSR achievements in Individual Rights Manager, and which users are most actively engaged with the platform. Tell a compelling story of privacy programme progress broken down by fiscal year quarter starting in [MONTH].
Advanced
Privacy Programme Maturity Assessment — All Products
All TrustArc Products Conduct a comprehensive privacy programme maturity assessment across all TrustArc products. Using a five-level maturity model, evaluate our programme maturity in data inventory management, assessment coverage, regulatory compliance, DSR fulfilment, and consent management. For each dimension, assign a maturity level, explain the evidence from the platform supporting that rating, and provide a specific roadmap to reach the next maturity level.
Advanced
Annual Privacy Programme Board Report
Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral, Individual Rights Manager, Nymity Research Generate a comprehensive annual privacy programme board report for [COMPANY NAME] drawing data from all TrustArc products. Include: data inventory statistics and risk profile, assessment completion rates and risk reduction metrics, compliance scores by framework with quarter-over-quarter trends, DSR volume and fulfilment performance, an enforcement landscape summary from Nymity Research, and key programme achievements. Format as an executive board package with compelling visuals.
Advanced
Regulatory Inspection Readiness Package
Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral, Individual Rights Manager, Consent & Preferences Manager Our company is preparing for a potential regulatory inspection by a data protection authority. Using all relevant TrustArc products, compile a regulatory readiness evidence package including: our current Article 30 ROPA from Data Mapping & Risk Manager, completed DPIAs from Assessment Manager, compliance control evidence from PrivacyCentral, DSR fulfilment audit trail from Individual Rights Manager, and consent records from Consent & Preferences Manager. Identify any gaps in our evidence that we need to address before the inspection.
Advanced
Cross-Product Compliance Gap Identification
Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral, Individual Rights Manager Using data across TrustArc products, identify the key cross-product compliance gaps in our privacy programme: vendors in DMRM with no completed assessment in AM, business processes missing compliance controls in PrivacyCentral, DSR fulfilment delays in IRM that indicate DMRM data location gaps, and consent records in CPM that do not align with the legal bases documented in DMRM. Generate a prioritized gap closure plan.
Advanced
Engagement Summary Email — Account Manager
Data Mapping & Risk Manager, Assessment Manager, PrivacyCentral, Individual Rights Manager Draft a compelling client engagement email written from the perspective of a TrustArc Account Manager, addressed to [CUSTOMER NAME]. The email should highlight a story about user engagement, key programme milestones, and specific achievements across their TrustArc products based on the data in the attached PDF [ATTACH PDF]. Make the email feel personal, data-driven, and forward-looking.
Advanced
High-Risk Assessments & Time-to-Approval — Executive Geo Report
Data Mapping & Risk Manager, Assessment Manager Show me all the assessments that have high inherent risk. Also, list all the assessments that are taking the maximum time from initiation to approval. I want to see an executive level report geography-wise on assessments with all the data that is required to run my global privacy programme. This report is for the executives team. So generate the image in such a way that resonates with them with great graphics.
orghierarchy

Organizational Hierarchy

⭐ 5 New User  |  ⚡ 5 Advanced
★ New User prompts follow a recommended setup sequence  ·  ⚡ Advanced prompts are for experienced users seeking deeper analysis
Tag & Topic Ask Arc Prompt
New UserStep 1
Why Organization Hierarchy Matters — Setup First
I am new to TrustArc and I can see there is an Organization Hierarchy section. Explain what Organization Hierarchy is, why it is described as a foundational layer, and how setting it up correctly first will improve how Data Mapping & Risk Manager, PrivacyCentral, and Assessment Manager work for our organization. What happens if I skip this step and go straight to building my data inventory?
New UserStep 2
Creating the Primary Entity — Company Profile Setup
Walk me through creating our Primary Entity in Organization Hierarchy. What information do I need to provide — including headquarters location, industry sector, company type, number of employees, and data subject categories — and how does the system use this information to recommend applicable privacy laws and compliance frameworks in PrivacyCentral?
New UserStep 3
Adding Company Affiliates, Business Units & Departments
I need to build out our full organizational structure in Organization Hierarchy. Explain the difference between a Company Affiliate, a Business Unit, and a Department, when to use each entity type, and how to add them to the hierarchy using the (+) icon. Walk me through how to use the Autofill button to pre-populate a new entity from its parent, and explain what the tier labels mean and how to rename them.
New UserStep 4
Assigning Users to Entities
I need to assign team members to the correct entities in Organization Hierarchy so they have access to the right records in Data Mapping & Risk Manager and PrivacyCentral. Walk me through how to add users to an entity using the person icon on the entity card, explain how parent-entity membership automatically grants access to child entities, and tell me how to use CSV bulk import to assign users at scale.
New UserStep 5
Linking Org Hierarchy to DMRM Records
Now that I have built our Organization Hierarchy, how do I connect it to our Data Mapping & Risk Manager records? Walk me through setting the Owned By field on Business Process, System, and Third-Party records to the correct Company Affiliate, Business Unit, or Department. Explain why owning entity assignment matters for filtering records, generating scoped Article 30 reports, and organizing our data inventory by business function.
Advanced
Bulk CSV Import — Scaling the Hierarchy
Our organization has a complex hierarchy with dozens of entities across multiple regions. Walk me through using the CSV bulk import feature in Organization Hierarchy to add and update entity records at scale. What fields are required in the CSV template, how do I map parent-child relationships in the file, and what validation steps should I run after the import to confirm the hierarchy is structured correctly?
Advanced
Record-Level Access Control via Org Hierarchy
I want to restrict which users can view and edit specific records in Data Mapping & Risk Manager based on their Organization Hierarchy membership — for example, limiting the IT department to only seeing IT-related Business Process and System records. Walk me through enabling this access control feature (including the requirement to contact TrustArc Support), configuring the custom permission group with the Org attribute, and adding entities to the access field on Hub records. Explain the key limitations — especially the Creator and Collaborator edge cases — so I can plan the rollout correctly.
Advanced
Scoping Article 30 ROPA Reports by Company Affiliate
We need to generate separate Article 30 ROPA reports for individual Company Affiliates to share with the relevant national Data Protection Authorities. Using the Organization Hierarchy owning entity structure in Data Mapping & Risk Manager, walk me through generating a scoped Article 30 report for a specific Company Affiliate. Explain the difference between the global default report and the DPA-scoped option, what appears in the Overview section of the scoped report, and how Joint Controllers are handled differently when a specific affiliate is selected.
Advanced
Data Subject Inheritance from Entity to System Records
I want to configure our Organization Hierarchy entities so that when a Company Affiliate is set as the owner of a System inventory record in Data Mapping & Risk Manager, the data subjects and locations configured at the entity level are automatically offered for inheritance into the system record. Walk me through enabling the law applicability rules setting on the entity, configuring data subjects and locations in Organization Hierarchy, and accepting the inheritance offer when setting the Owned By field on a System record.
Advanced
Cross-Product Hierarchy Audit — DMRM, PrivacyCentral & Assessment Manager
We have recently restructured our Organization Hierarchy after a corporate reorganization. Walk me through auditing the downstream impact across TrustArc products: (1) in Data Mapping & Risk Manager, identify all Business Process, System, and Third-Party records whose Owned By entity no longer exists or has been renamed; (2) in Assessment Manager, identify assessments whose Owning Entity is stale or unassigned; (3) in PrivacyCentral, confirm that org unit filters still return the correct scoped compliance data. Generate a remediation checklist I can use to realign all affected records to the updated hierarchy.