Frequently Asked Questions
Questions about the regulations or the Truyo platform specifically? Feel free to check out our most Frequently Asked Questions below.
Great news! You won’t need to circumvent your current ticketing system. Truyo can integrate to dispatch tickets and listen for the results in a fully automated fashion without interrupting your current organizational workflows.
We can create customized solutions using RESTful APIs, file exchange, direct-to-database connectors, or most commonly a remote software agent to connect to internally-developed systems. Truyo has the capability to connect to virtually every type of data system.
Yes, with the new generation of agents our tool will comply with all jurisdictions to provide compliant DSAR fulfillment.
Truyo’s Framework Assessment Module includes privacy impact assessments, vendor assessments, CMMC, NIST, and ISO.
At this time Truyo supports regulations for California, Nevada, Utah, Connecticut, Colorado, Virginia, PIPEDA, Quebec, GDPR, Australia, New Zealand, Dubai (MENA), and others. We are always keeping the jurisdictions up to date as more regulations arise, and at no additional charge to our customers.
Within one month we have saved:
- A large retail chain $2.7m in operating costs with CCPA automation
- A mid-size restaurant chain $350k in operating costs with CCPA automation
- A national home goods chain $1.1m in operating costs with CCPA automation
- A national health and wellness chain $2.6m in staffing costs with CCPA automation
- A salon chain $180k in operating costs with CCPA automation
Oftentimes, legacy applications or printed materials have no possibility of an API connection. In these cases, automation may not be possible. But Truyo can automatically create a manual Task for your team members when it is necessary to interact with these sources.
Truyo can integrate with any system capable of supporting an API. Truyo uses over 100 pre-built Connectors to all of the most popular CRMs, ERPs, marketing tools, HR tools, etc. For systems where Truyo does not have a pre-built Connector, we use a flexible API builder that includes standard components like error checking, caching, retries, etc.
Through your secure, branded Data Subject Portal, Data Subjects are guided through options to help them formulate exactly what they are trying to Request. Your users do not need to be knowledgeable about the regulations, but their Requests are properly structured so you can act on them easily and quickly without having to interact with the Data Subject.
Truyo leverages a secure, immutable ledger to log and timestamp all system interactions and changes associated with your SAR operation, including requests, task assignments and task fulfillment. We then provide simple graphical reports as well as flexible filters so you can see and create the reports you need very quickly, whether for internal purposes, or for external purposes like an audit or legal defense.
Truyo will create common reports such as those for CCPA & CPRA compliance – average time to complete requests, number of requests, etc. We also have complete reporting for any transactional element in the platform such as when a request is accepted or completed. We have system reporting for connections that are managing processes and how long it takes. All reporting can easily be exported to spreadsheets or reporting tools at no additional cost for our customers.
Yes, in fact most of our deployments are on a company’s own cloud instance. Truyo is built on Kubernetes and can manage and maintain remote installations while keeping your data secure on your infrastructure. Truyo can also be deployed on premise or in a multi-tenant environment.
Yes, many companies do not require automation because they get very few, if any, Requests from Data Subjects, or they have very few back-end systems which hold data. These companies use the Truyo secure portal, task management system, logging and reporting engine without any connected data sources, while supporting manual responses to SARs. This is a cost-effective and more compliant alternative to receiving SARs at an email alias or through a simple web form. But if you do start getting a lot of SARs, it is an easy upgrade to start adding automation to the system.
Yes, the entire product is built for variable enterprise requirements and stringent security standards and is driven by a set of flexible APIs so it can be largely tailored to your specifications. Customizations are performed and billed as a Professional Service.
By default, Truyo sends verification links to any email or SMS endpoints given by the Data Subject before a Request becomes “verified” and actionable. But Truyo can incorporate many additional verification methods, including integration with third-party verification tools and even integration with your own authentication systems for customers and employees. Truyo also offers you the option of requiring the Data Subject to upload a photo ID.
If you have over 10 back-end systems that contain privacy data, AND you get or plan to get at least one SAR per week, then you should consider at least some level of automation. Back-end systems include CRMs, ERPs, billing systems, help desk and ticketing systems, marketing systems, analytics, e-commerce, applicant tracking systems and payroll systems, just for example. The first level of automation — validating identities, validating requests, generating tasks, logging and reporting — will cut out 20 to 30% of your operational overhead without any systems integration required. The next level of automation, information gathering and compiling, will cut out another 30 to 40% of your overhead, and will require simple data ingestion integration to your systems. The last level of integration, fully automating changes to back-end systems, requires more integration effort, but will help you achieve a fully-automated, self-service experience for your customers and employees.
Personal data is any information that can be used to directly or indirectly identify a person. This information ranges from social media activity, credit card information and medical information to a computer IP address. Public, private and work data are all covered under the regulation.
Also called a SAR or DSAR, a Data Subject Access Request refers to the new requirements under privacy regulations that allow a person, the Data Subject, to request to see the data that a given company is tracking on them. This includes a very broad set of data tied to that person’s identity in your systems, like website visits, shopping history, demographic information, etc. For most companies, this data resides in multiple back-end systems. Companies have 30 days under the GDPR or 45 days under CCPA to compile this information and deliver it to the requestor in a format that is understandable. Further, a Data Subject can also ask for that data to be deleted from all systems, for it to be modified, or for it to be provided in an exportable format, depending on the regulation.
Modern privacy regulations are very broad, and cover many areas like breach notification, security practices and privacy by design. Truyo helps automate and streamline the area of Individual Rights. That is, the rights of a person to request to see the data a company is tracking on them, and to exercise control over that data. This is one of the main areas of exposure to a company, and serves as the primary entry point for complaints and fines if not done properly, so it is important to execute Individual Rights properly, and to the degree a company receives many Requests, to do so at scale.
No, the GDPR applies to any company anywhere, as long as the company is tracking information on EU citizens. Similarly, the CCPA applies to any company that has global revenues greater than $25M/year, OR tracks over 50,000 California citizens’ information, OR makes over half its revenue by selling data.