In order to keep pace with increasing compliance requirements and respond to growing client privacy questions, Blackboard needed an innovative solution to streamline its processes and become more efficient. Blackboard’s privacy team, led by Stephan Geering, Global Privacy Officer and Associate General Counsel, evaluated several options and decided to implement WireWheel.
WireWheel helps Blackboard track personal data on its SaaS products as it comes
into the organization, as it is processed and as information is shared with clients.
WireWheel’s methodology allows Blackboard to accurately and efficiently answer four questions that are fundamental to data privacy:
Sixty-five percent of organizations have delays in their sales cycle due to privacy concerns, with an average delay of almost eight weeks 1. At minimum, sales delays cause deferred revenue. Worse, they can cause customers to select other vendors. Blackboard has faced similar challenges. As part of the sales process, Blackboard receives requests for information about its data privacy compliance almost daily. “Our clients expect transparency. They rightly expect vendors to answer their questions about data privacy without any barriers or delays,” says Stephan. As Blackboard can clearly demonstrate its commitment to privacy more systematically and with more detail and also show its clients how to do more to protect the privacy of student data. As a result, Blackboard’s sales cycle is expected to be significantly expedited.
With WireWheel, Blackboard will be able to respond more quickly than before, with more detailed and up-to-date information as well as guidance and support for clients implementing their own privacy programs.
Building trust with clients gives Blackboard a unique advantage over its competition. “We aim to be the privacy leader in education technology and know that privacy automation is a core component to achieve this,” Stephan explains. As a SaaS partner, Blackboard helps clients manage compliance with data privacy requirements. “Using WireWheel, Blackboard makes it easier for our clients to address privacy compliance.”
“USING WIREWHEEL BLACKBOARD MAKES IT EASIER FOR OUR CLIENTS TO ADDRESS PRIVACY COMPLIANCE.”
Blackboard prioritizes data privacy in the design of its software, with features such as data minimization, pseudonymization, and privacy-friendly settings. With WireWheel, Blackboard can now build data privacy requirements into its products from the beginning of the development process.
WireWheel provides a step-by-step framework so the product team can manage and update privacy information. Privacy risk assessments must be completed before agreements with vendors can move forward. Product managers can create their own privacy checklists and use WireWheel’s Tasking Engine to manage agreements with all third-party processors to ensure documentation and compliance.
Stephen describes the benefits: “We have 25 products and numerous suppliers that often change. It’s time intensive to track all of the agreements that impact data privacy. We were sending out RFPs and asking questions, but each team was responding differently. Now, we can manage them centrally and consistently.”
Blackboard’s operational challenges are typical of many enterprises: distributed information, many third-party vendors, and data managed by various departments. Additionally, Blackboard has grown through numerous acquisitions, which makes implementing consistent privacy controls across the whole company more important and more difficult to achieve.
Prior to implementing WireWheel, Blackboard was managing its privacy processes manually. “We were tracking privacy checklists with Word and Excel. It wasn’t scalable or sustainable. “You’d have to chase emails, send reminders, and track everything manually,” Stephen recalls. What’s more, he says, data is constantly changing. “With a manual process it’s difficult to always have up to date and complete information.”
Through direct integration with Amazon Web Services (AWS), WireWheel is able to map Blackboard’s data and automatically classify it – with only 20 minutes of set up. WireWheel’s maps translate data flows to a geographic view, critical for complying with various data privacy requirements around the world. This transparent, robust data mapping gives Blackboard key privacy insights into whether its databases are encrypted, whether IP addresses are publicly visible, and whether any databases are replicated in real time. Data flows are easily visualized, both logically and geographically, to help ensure compliance with the GDPR’s data transfer and record keeping requirements.
As the WireWheel solution continues to roll out, Blackboard will be able to display, in real-time, where each of its SaaS client’s data is stored, processed or transferred throughout its infrastructure, and identify when that data is encrypted, replicated or accessed. Blackboard can then provide this critical information to its clients when they need it for their own compliance needs.
“Now the information will always be accurate, up-to-date and available at the push of a button. This would be difficult, if not impossible, without automation,” added Stephan.
WireWheel provided Blackboard a central location for all of its privacy compliance documentation: its Record of Processing privacy by design checklists, its privacy impact assessment, vendor questionnaires, and data mapping, individual maps, data classification and Sub-Processor approvals.
Blackboard’s goal is to remove all bottlenecks in the privacy process through automation and by making people more self-sufficient. In the next phase of the WireWheel implementation:
“It’s important that we are transparent to our clients and can maintain their trust.” notes Stephan. “We’ve been able to shape the development of WireWheel and to make people more self-sufficient because WireWheel really listens to what we need, and they’ve been so supportive.”
Stephan views tools such as WireWheel as the future of data privacy. “It’s already well established that privacy leaders need frameworks, policies and efficient privacy governance. The next phase of privacy maturity having standard tools to automate privacy compliance. In 5-10 years’ time everyone will have tools like this.”