Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

1. © 2024 TrustArc Inc. Proprietary and Confidential Information.
Simplifying Data Inventory Management:
Automation and Code-Based Data
Discovery Using TrustArc and Privya

2. 2
Legal Disclaimer
The information provided during this webinar does
not, and is not intended to, constitute legal advice.
Instead, all information, content, and materials presented during
this webinar are for general informational purposes only.

3. 3
Speakers
Val Ilchenko
General Counsel & Chief Privacy Officer
TrustArc
Assaf Amitay
CEO
Privya
Kristen Nosky
Vice President of Product Management
TrustArc
Dr. Uzy Hadad
Founder & CTO
Privya

4. Agenda
● Why Do Data Inventories Matter?
● Problem Statement
● Data Inventory Hub Overview
● TrustArc’s Inventory and Discovery Strategy
● Privya’s Code-Based Data Discovery Strategy
● The Privya-TrustArc Integration

5. 5
Why Do Data Inventories Matter?
● Regulatory Compliance
○ Streamline privacy program compliance operations especially around responding to
individual rights requests and managing consents.
○ In addition to GDPR/UK GDPR, and the State of CA, a number of national privacy laws
(e.g., Brazil, Thailand, and Vietnam) require maintaining records of processing activities.
● Risk Management
○ Important to understand risk footprint. Inventories help assess what is being processed by
your organization.
● InfoSec Planning
○ Businesses need to understand what data they maintain to understand proper security
measures, possible blast radius in the event of an incident, etc.
● Strategic and Budget Planning
○ Understanding data collection and maintenance helps with budget planning around all
functions that deal with privacy, security, availability, etc.
● Customer Obligations; Sales Support
○ RFP, InfoSec/Privacy Questionnaires, online disclosure (e.g., sub-processors), etc.
increasingly require “taking inventory” of systems, data, etc. in use.
✓
✓
✓
✓
✓

6. 6
Problem Statement: Manual, Time-Consuming, Challenging
Creating a comprehensive data inventory is important for legal, regulatory, transparency, security,
budget planning, and other purposes – as noted in the prior slide. However, legacy methods are
no longer viable – by the end of this year (2024), Gartner predicts that 75% of the modern world
will be covered by privacy laws and systems continue to become more complex.
● Manual data inventory creation (e.g., excel sheets, manual questionnaires, etc.) can
significantly prolong the process, ranging from weeks to months without automation
● Common methods rely on manual tactics:
● Cross-functional teams engage in assessments and collaborative efforts with the
Privacy and Security teams to ensure data accuracy and security
● Alignment with Security and Procurement teams
● Regular follow up and revalidation – highly manual
● Responses are static (not maintained between audits)
● The absence of automation impedes the realization of tool benefits, remaining a significant
blocker for many organizations' program goals.
● Streamlining data inventory management and incorporating automation is imperative
to identify, prioritize, and monitor your data risk.
● Note on Val’s Personal Experience

7. 7
Data Inventory Hub Overview
● Data Inventory Creation - map your data
and data flows for ROPA compliance
across your systems, vendors, company
affiliates, and internal processes
● Risk Detection - detect data transfer risk
and receive alerts. Proprietary risk engine
is based on 130+ global laws.
● Report Generation - export pre-built
reports such as Article 30 report or
Business Process report to demonstrate
compliance to regulators.
● Automated Remediation - generate
automated follow-up actions for each
record and flag through Automation Rules
to conduct a PIA or Vendor Assessment.

8. 8
Partnership
TrustArc’s Data Discovery & Automation Strategy
Third Party & System
Record Exchange
TrustArc’s Record Exchange
is pre-populated with the
most popular system and
third party records.
Customers can add
pre-created records to their
own inventory’s with one
click.
Integrations
Use our third party
connector library to
automatically create
third party and system
records.
TrustArc Data Inventory Hub Solutions
Third Party Discovery
TrustArc’s Third Party
Discovery tool scan’s
customer’s websites and
identifies the third parties
being used and
automatically creates
those third party records
in the data inventory.
AI Autofill
Autofill System and
Third Party Records
using our AI Autofill
feature. Simply type in
the system or third
party record name and
click the AI Autofill
button to populate the
remaining fields.
Data Discovery
Privya's AI-driven code
scanning helps organizations
save resources, comply with
regulations, and protect their
reputation by automatically
identifying and mapping
personal data collection,
usage, and storage, including
third-party access. This
eliminates manual processes
and ensures regulatory
compliance.
NOW LIVE
NOW LIVE

9. Data Discovery
Use Cases &
Benefits
Data discovery solutions focus on automating portions of data
inventory building and bringing visibility to which systems and
what data is being processed by your organization
Leveraging Privya’s code-based scanning technology and
integration with TrustArc, Data Inventory Hub customers
will be able to:
Streamline Inventory Creation: Automate the process of creating
and managing data inventory records
Auto Detect AI Usage: Auto detect when AI is being used to
process data and take remedial action
Automate Risk & Reporting: Leverage discovered data to
understand your organization’s risk and produce reports

10. Understanding Code-Based Data
Discovery

11. 11
In the simplest term…
Scanning lines of
code
Identify keywords,
patterns/flows and/or
themes for PII or SPI
(e.g. drivers license,
phone number, email
address, etc.)
Categorize and
assess risk!

12. 12
Data Identification and Classification
● Scans the entire code portfolio, including legacy
systems, cloud-based applications, and
third-party integrations
● Automatically identifies and categorizes
personal information (PI), sensitive personal
information (SPI), and other critical data such
as when AI is being used to process data
● Up-to-date automatic data classification
across the organization
● Save time and resources by eliminating manual
data discovery processes
● Enables proactive privacy risk management
and compliance with regulations such as GDPR,
CCPA/CPRA, HIPAA, PCI DSS and more

13. 13
Data Lineage and Flow Mapping
● Maps the flow of data throughout the organization,
providing a complete view of data movement across
systems, applications, and third parties
● Enables end-to-end tracing of data from origin to
destination, identifying dependencies, potential
vulnerabilities, and compliance gaps
● Identifies complex relationships between projects,
including direct and indirect data flows, and other hidden
connections
● Offers powerful impact analysis capabilities to
understand the downstream effects of one project on the
entire software ecosystem

14. 14
AI/ML Model Detection and Governance
● Automatically detects and inventories artificial intelligence (AI) and machine learning (ML) models within the
codebase, across all frameworks and libraries used
● Facilitates end-to-end governance of AI/ML technologies, ensuring compliance with emerging regulations such
as the EU AI Act and NIST AI RMF
● Provides insights into the purpose of AI/ML models, enabling informed decision-making and the
implementation of appropriate governance measures

15. 15
Third-Party Data Sharing and Risk Management
● Detects data sharing with third
parties, providing insights into what
data is shared and how it is
processed
● Identifies and assesses risks
associated with third-party data
access (vendor assessment),
helping organizations prioritize and
mitigate potential vulnerabilities
● Provides a centralized view of
third-party access rights and
permissions*
● Integrates with identity and access
management (IAM) platforms like
Okta
* Coming soon

16. 16
The Privya-TrustArc Integration
Data inventory
SPI/PI
AI/ML
Third Party Sharing
Data Inventory Hub
● End-to-end data privacy automation: from discovery
to risk analysis and reporting
● Continuous code-based data discovery, including
AI/ML model detection
● Automated data collection for ROPA, DPIA, and
real-time compliance risks
● Integration with TrustArc's Data Inventory Hub
● Robust privacy and security risk analysis using
TrustArc's proprietary risk engine

17. 17
Thank You!