Industry: Retail and Manufacturing
Region: International
Company size: Enterprise
Featured solutions: Data Mapping Automation, Targeted Data Discovery, Assessment Automation, Cookie Consent, Privacy Rights Automation, PIA & DPIA Automation
Alfred Kärcher achieves global impact and compliance with automated data management
Industry: Retail and Manufacturing
Region: International
Company size: Enterprise
Featured solutions: Data Mapping Automation, Targeted Data Discovery, Assessment Automation, Cookie Consent, Privacy Rights Automation, PIA & DPIA Automation
When Michael Apperger became the Data Protection Officer (DPO) at Alfred Kärcher SE & Co. KG in 2019, the record of processing activities was kept in an Excel spreadsheet.
As a world market leader in cleaning equipment and solutions, Kärcher has more than 150 subsidiaries across 80 countries. It’s founded and headquartered in Germany, where Apperger serves as DPO for the parent company as well as five other subsidiaries in the country.
Being at Kärcher for 25 years made Apperger a perfect fit to be its DPO. Not only was he already familiar with operations, his previous experience in the IT department also equipped him to automate and streamline its data protection process.
Today, Kärcher maintains a reliable record of processing activities built around OneTrust and an automated system that makes it easier to stay compliant with data privacy laws.
From the moment Apperger opened the first Excel sheet full of data processing activities, he set a goal to overhaul the entire process.
“My colleague filled out the sheet himself. Yes, he had discussions with the process owner, but he was the one who wrote the descriptions,” he says. “In my opinion, if I don’t live the process, I can’t describe the process. I need the process owner to describe the process.”
Apperger searched for a solution that could facilitate the data processing activities at scale, from sending custom-built templates directly to designated process owners to maintaining an updated data inventory.
OneTrust was the obvious choice. “At that time, the other tools were only able to document the processing activities. OneTrust was the only one that could do that, and also help with GDPR compliance, privacy laws, data discovery, and automation,” he says. “After analyzing the options, I decided that OneTrust is the tool for Alfred Kärcher and its subsidiaries.”
Michael Apperger, Data Protection Officer (DPO) at Alfred Kärcher SE & Co. KG
Apperger spent the first year rebuilding Kärcher’s record of data processing activities using two OneTrust modules: PIA and DPIA Automation and Data Mapping Automation. These modules work together to integrate assessment templates into existing systems and provide a real-time, comprehensive view into the organization’s data respectively.
The first batch of PIA and DPIA forms, however, revealed a missing piece in the plan. “We asked the correct questions, but the answers from the process owners were not really good because they didn’t have the depth of understanding about GDPR,” says Apperger.
With data processing activities carried out across the entire company, from sales and marketing to human resources, the forms had to address a broad audience.
“We made them shorter,” he says. “We only included the basics, about 20 questions. And every email we send with the form also includes a short overview of how OneTrust works and what can be done with the tool.”
Once the answers are submitted and reviewed, Apperger then meets with the process owner for further discussion before giving final approval. The form is sent to process owners periodically for review of processing activities.
In addition to simplifying forms, Apperger was looking for ways to communicate the importance of data protection and data security. He wanted to raise awareness of the GDPR and data protection laws. He also wanted to make the information more appealing to his colleagues. A better understanding leads to a smoother process.
"Every day we get a new question about the GDPR: Is this image personal data? Is this information personal data?" says Apperger. "It's all new language for the company. We have documented how we implement data protection at Kärcher in a data protection manual."
To further raise awareness of data protection in the company, Kärcher published a quarterly newsletter on general data protection topics, current information from the supervisory authorities, and data protection topics.
With this additional guidance, Apperger and his team were able to build a data protection strategy that scales beyond geographical borders. As new laws and regulations are enforced, and data transfer guidelines change, it’s critical for a company to stay in control of its data.
“This is a benefit of OneTrust — we can create custom fields and use them as a filter to see which processing activities we need to change when any given regulation changes,” says Apperger.
Once his data protection strategy was in place, Apperger began personally introducing OneTrust to the other DPOs at Kärcher. He created another handbook to explain the different modules that help maintain data processing activities and ensure GDPR compliance.
From there, integrating the solution was easy. “Subsidiaries use many of the same processes we use, so most of the time, it’s just copy-paste,” he says. For example, Kärcher’s online recruitment process is the same for all countries. Since the process is already documented in OneTrust, it can be copied and immediately applied to any other location.
The challenge, however, was addressing the number of customer data inquiries received by subsidiaries. Kärcher’s subsidiaries operate as sales arms in their respective country, which makes them the primary channel for customers to request access, correction, or deletion of their data — a process easier said than done.
Every request requires verifying the legitimacy of the request, locating the data across disparate systems (including any third parties), determining any data exemptions, and documenting any changes.
“This required a mindset change and a solution,” he says. Apperger and his team utilized the OneTrust Privacy Rights Automation and Data Discovery modules to facilitate these customer data requests. By automatically scanning every data environment, down to the field and file level, he was able to streamline the end-to-end process — from intake to discovery to taking action — on a single platform.
Today, OneTrust is the backbone of Kärcher’s data protection strategy. “It gave us an overview of all the company’s processing activities and helped our colleagues understand the GDPR,” says Apperger.
“I think the process we have is really good at this time. In the future, we look to connect our processing activities to see how data is created and flows through the company. This is something we can do very easily in OneTrust.”
Webinar
Register for our live demo webinar to see how OneTrust Third-Party Management can revolutionize your third-party risk management approach.
Webinar
Join us to learn more about the Digital Operational Resilience Act (DORA) and how OneTrust can help organizations research, implement, and monitor compliance at scale with DORA and other related regulations and standards like NIS2 and ISO.
Webinar
Join us for a virtual Lunch & Learn session and explore how OneTrust’s Third Party Management solution can streamline your risk management processes.
Webinar
Join our Saudi Arabia PDPL webinar for an overview on the data protection law, its requirements, and how to prepare for full enforcement.
Webinar
Register for this OneTrust webinar to learn about the relevant resilience focused requirements of DORA, NIS 2, and other global regulations.
Report
Download this Verdantix report to learn the importance of operational resilience for your business and why OneTrust was named a leader in the space.
Webinar
This DataGuidance webinar explores the latest and expected developments in the implementation of the NIS 2 Directive, focusing on practical compliance strategies to ensure your organization is prepared.
Infographic
Report
As AI continues to offer unparalleled opportunities for business innovation, it also presents risks that organizations must tackle head-on through scalable governance programs that span multiple data sources. Six key trends are defining these challenges.
Webinar
In this webinar, our experts will discuss the Canadian regulation and others like it globally, while providing actionable insights into building a robust and mature Third-party program.
Blog
Join our OneTrust webinar on tackling IT security risks for banks in South Africa. Explore strategies for safeguarding sensitive data, ensuring POPIA compliance, and managing cyber threats. Gain actionable insights to strengthen your security posture and build customer trust.
Webinar
Join our upcoming product release webinar to explore how these new capabilities can help your organization navigate complex frameworks, streamline third-party management, and accelerate AI and data innovation.
Webinar
Join to explore how OneTrust's TPRM solution can revolutionize your third-party risk management approach. We will cover best practices for implementing and leveraging the software to minimize risks.
eBook
Streamline third-party relationships and avoid common mistakes in the process.
Checklist
Third-party management doesn’t have to be a complicated process for your business.
Infographic
Working with third parties introduces privacy and security risks, making compliance and business growth a balancing act.
Infographic
Third-party management keeps manufacturing operations running smoothly by verifying vendor and supplier compliance with regulations.
eBook
It’s imperative for security teams to implement a holistic approach to third-party management.
Webinar
Join our upcoming webinar to learn how to navigate the complexities of managing modern slavery, anti-bribery, and corruption within your third-party ecosystem.
Webinar
Join us in a webinar where we will discuss PDPL, third-party risk, and compliance best practices. Learn how you can automate and simplify your third-party management program with OneTrust.
Webinar
Join this APAC webinar to learn the unique competencies of third-party risk and due diligence programs and examine when and how to align them to maximize the effectiveness of each.
Webinar
Amidst South Africa's dynamic AI terrain and evolving data privacy regulations like POPIA, mastering third-party risk management is paramount. This session explores the balance between AI innovation and data protection.
Webinar
Join this webinar to learn best practices for building a resilient third-party ecosystem and maintaining operational continuity in the face of unforeseen challenges.
eBook
Download this eBook to explore third-party management across industries and key considerations before bringing this approach organization-wide.
Webinar
As innovation teams race to integrate AI into their products and services, new challenges arise for development teams leveraging third-party models. Join the webinar to gain insights on how to navigate AI vendors while mitigating third-party risks.
Webinar
The EU has adopted several new Cyber Laws that will impact many businesses and will come into force over the next few months (in October in the case of NISD2) and require actions now. Join the webinar to learn about the latest cyber developments.
Webinar
This webinar will show you how to develop strategies for assessing reputational risks as it relates to third parties and the impact of third-party relationships.
Webinar
In this webinar, we’ll discuss the unique competencies of third-party risk and due diligence programs and examine when and how to align them.
Infographic
Download our infographic to learn about the new DORA regulation, who needs to comply, and how OneTrust can help streamline the process.
Webinar
Learn how to leverage financial, operations, compliance, ESG, and cyber scores to drive resilience insights and detect possible supply chain disruptions.
Video
Watch this demo video to learn how OneTrust third-party management helps organizations create resilient, secure, and scalable third-party ecosystems.
Checklist
See the path to managing third-party risk effectively with a checklist that outlines the six steps for a sound TPRM program.
Webinar
How can you build a privacy-focused TPRM program? In this webinar, we discuss best practices for privacy compliance when working with third parties, from onboarding to offboarding.
Video
Watch this video for the five top trends shaping the third-party management industry this year.
Checklist
Managing third-party risk is a critical part of AI governance, but you don’t have to start from scratch. Use these questions to adapt your existing vendor assessments to be used for AI.
Infographic
What key challenges do CISOs face going into the new year? Download this infographic to hear what experts from industries across the board have to say.
Webinar
Join this webinar as we discuss key trends for third-party management and lessons learned over the last year.
Webinar
Attend this demo to see how our TPRM solution can help you identify and mitigate risk as well as automate manual and repetitive tasks to ultimately reduce the time you spend managing your vendors
Webinar
Insight into your third parties’ inherent risks can change the way you run your TPM program.
Webinar
Join our webinar to learn the primary goals of successful Third-Party Risk and Third-Party Due Diligence programs.
Webinar
Join our risk assessments experts as we discuss best practices, program templates, and how provide an assessment that provides the best value for your organization.
Webinar
Join our webinar and learn how to save time and streamline third-party risk assessment throughout the TPRM lifecycle.
eBook
Understand the importance of data privacy in third-party risk management, and 10 best practices for achieving privacy compliance when working with third parties.
Webinar
Join us for a live demo of OneTrust's third-party risk management solution and see how it can help automate and streamline your TPRM program.
Webinar
Join this webinar to learn how to manage the third-party risk lifecycle across teams while optimizing your processes with automation.
Webinar
In this webinar, we'll share seven practical tips for effective third-party risk monitoring, helping you to identify new risks and take timely action to protect your business.
Infographic
Learn how to actively screen and monitor your third parties in the OneTrust Third-Party Risk Exchange.
Webinar
Join our in-depth webinar and learn how to define third-party due dilligence levels and when to apply them during your vendor management lifecycle.
Webinar
Join us as we explore how automating third-party management workflows streamlines processes, drives alignment across teams, and reduces reduntant work.
Webinar
In this webinar, we examine the scope of third-party due dilligence, best practices, and industry trends driving greater scrutiny on third parties.
Webinar
Join our webinar and learn how to create an effective, privacy-focused third-party risk management (TPRM) program that streamlines recordkeeping and reduces your risk exposure.
Video
See how OneTrust's third-party management solution can help scale your third-party lifecycle and evaluate vendors with real-time risk intelligence.
Video
The OneTrust Vendor Risk Management provides businesses access to pre-completed vendor risk assessments while supporting industry standards.
Webinar
Join OneTrust and HackNotice as we discuss effective ways to protect your organization from third-party data breaches and build strong incident response workflows.
Webinar
Join our upcoming webinar as we explore the pivotal ways procurement and InfoSec teams can collaborate to reduce third-party risks.
eBook
Download our eBook to learn practical advice on how to approach third-party risk management like an InfoSec expert.
Webinar
In this live webinar, our expert panel discuss emerging third-party risk regulatory trends in the Nordic region and show how OneTrust can help your business stay complaint.
Webinar
In this webinar, you will learn how to reduce the use of spreadsheets for third-party risk management and cut costs when building your TPRM program.
Webinar
Watch this webinar to learn how to align your TPRM and TPDD programs to achieve workflow efficiencies and the distinction between the two discipline areas.
In-Person Event
Join this OneTrust live event series, which will address critical topics such as navigating data management, compliance automation and third-party risk.
Infographic
The number of businesses and third-party suppliers has increased, widening the risk landscape. This infographic shows how businesses are managing that risk.
Webinar
Learn how to balance the intricacies of CPRA, VCDPA, CPA, CTDPA, and UCPA when managing third parties and understanding privacy-related risks.
Webinar
Attend this webinar to learn about Third-Party Risk Management (TPRM) workflow definition and maintenance best practices you can apply to your business.NEED
Webinar
In this webinar, you will learn how to utilize TPRM to help to optimize workflows, leverage data, and increase accountability across sourcing and procurement.
Webinar
Our third-party risk software helps you build a vendor inventory, conduct vendor assessments, mitigate risks, monitor vendors over time, and more.
Video
Watch the demo video to learn how OneTrust Third-Party Risk Management can help your TPRM program meet your privacy team's expectations.
Webinar
In this session, we’ll outline how to identify, reduce, and monitor cyber risk as it relates to your third parties including methods for tracking cyber risks over time.
Webinar
Join OneTrust for a demo on how our privacy management platform helps Canadian businesses streamline ISO 27001:2022 compliance.
Webinar
Learn how InfoSec teams can automate scoping mandatory requirements and streamline generating evidence to prove compliance across ISO.
Webinar
In this webinar session, we’ll outline how to take a data-driven approach to understand, reduce, and monitor cyber risks as it relates to your third parties.
Webinar
This webinar focuses on the fundamental considerations when managing third parties and enables your organization to build a solid and scalable foundation.
Webinar
In this webinar, we provide a live product demonstration to show you how your organization can optimize and scale a third-party risk program.
Webinar
Watch this webinar as OneTrust discusses how privacy and security teams can save time throughout the third-party risk assessment lifecycle.
Webinar
We’ll discuss the 7 core metrics successful third-party risk programs track and how to track them, such as critical metrics to track as your program matures.
Webinar
Learn the top 7 red flags for risky third parties, mitigation tactics for reducing third-party risk, and key ways to streamline risk identification, and more.
Webinar
In this webinar, we'll discuss third-party risk management's role in privacy compliance and cost-effective techniques for maintaining records for compliance.
eBook
Ensure your enterprise IT risk assessment is a success with a top-down approach that gets executive buy-in from the start
Webinar
Watch our LkSG webinar to understand the scope of LkSG, how your company will need to adjust, and the repercussions of noncompliance.
Webinar
In this webinar, we discuss best practices for how privacy and security teams can work better to eliminate redundant work, save time, and be more efficient.
Webinar
Watch this webinar to hear how to leverage third-party risk management workflow creation and maintenance best practices.
Webinar
In this panel discussion, we address critical points such as defining the metrics to track in relation to third parties and their cybersecurity risks.
Webinar
In this webinar, we’ll review services providers under the ADPPA and outline how you can ready your third-party risk program to align with privacy regulations.
Checklist
Download our LkSG readiness checklist to understand your readiness for risk management systems and responsibilities, and due diligence obligations.
Infographic
In this infographic, you'll discover third-party risk and learn how to operationalize a "3A approach", including addressing evolving risk factors and timelines.
Webinar
In this webinar, we’ll explore these questions and layout 7 must-know best practices to conduct more meaningful third-party risk assessments.
eBook
Understand what it takes to build a successful third-party risk management program through OneTrust's third-party risk management guide.
Webinar
Join our panel of experts as we discuss the German Supply Chain Due Dilligence Act and the best practices for compliance.
Webinar
This webinar will discuss best practices for how privacy and security teams can work together to eliminate redundant work, save time, and be more efficient.
Webinar
Join this webinar to learn how you can integrate your Third-Party Risk Management program within a broader IT Security platform
Webinar
In this webinar, we will provide you with the steps that you need to define a solid third-party risk management program
Webinar
Watch this webinar and see how the COVID-19 pandemic forced companies to accelerate automation and scale their third-party management.
Webinar
Discover effective strategies for preparing security questionaire responses with our free webinar.
Webinar
Watch this webinar and learn how to launch an effective third-party risk managment program and practical methods to track success.
eBook
Download our guide on third-party management and learn what you need to know to shift your buisness to TPM.
White Paper
Download this joint research report conducted by CyberRisk Alliance and Vendorpedia to understand today's third-party risk landscape.
eBook
In this eBook, learn the business value of TPRM software and why all leading organizations rely on it when working with third-party vendors.
Webinar
Join this webinar to learn best practices on how your organization can step-up business resilience with better third-party risk management.
Webinar
Watch our free webinar to discover how to optimize your third-party risk program and reduce manual data management with automation.
Webinar
Prepare for 2022 Trends in Third-Party Risk Management and future-proof your Third-Party Trust program.
Webinar
This webinar will discuss how to create a Third-Party Risk Management (TPRM) program that prioritizes privacy compliance and simplifies record-keeping.
eBook
Download the OneTrust Vendor Risk Management Handbook for an in-depth understanding of updated regulations, requirements and more.
Webinar
Access this free webinar to learn how to be a trusted vendor.
eBook
Download our third-party risk management eBook and get a complete roadmap to your TPRM lifecycle.
Video
Watch the demo of our Questionnaire Response Automation tool and learn how it helps vendors automatically answer any questionnaire.
eBook
Learn how an exchange community of customers and vendors improves security and builds trust.
Webinar
Join this webinar series, which will focus on the four foundational pillars of Third-Party Risk Management: Automation, Compliance, Reporting, and Collaboration.
Webinar
Watch our webinar and gain insight on how to navigate InfoSec's evolving compliance landscape.