Frequently Asked Questions (FAQs)
FAQs for the Trace® app
Do you have questions about using the Trace® platform or your account? We’re here to answer them! If you don’t see your question here, contact us via email.
About Trace
-
Once you have created your account (app login), you can set up your Trace® account and profile. Your user and company profile are found under ‘Account’ from the main navigation. where you can set up your details, check your account settings, manage billing and personalise your account with your profile or company logo.
Once your account is all set up, you can start your compliance journey by building your data map from your dashboard, as well as adding data categories to build a picture of personal data processing in your organisation. We have an easy-to-follow video guide to show you around the platform, available to watch in-app, anytime.
-
It doesn’t matter what industry or sector you’re in. If you process personal data (like most organisations), you need to comply with the relevant Data Protection regulations and be good custodians. Trace® can be used by many different types of business who want to make compliance as streamlined and easy as possible.
The GDPR is extra-territorial: use Trace® if you are in Europe and need to comply or if your organisation offers goods or services to European citizens or monitors them. Trace® is designed for organisations who want to demonstrate compliance and data protection to build trust, wherever they are in the world (our data visualiser maps to all global data protection regulations).
-
Your personal and business data are safe with us. Trace® has been created by Data Protection experts and our approach is always Privacy and Security by Design. When it comes to your payment data, all credit card transactions are processed using bank-level, PCI-compliant SSL encryption. We use carefully vetted partners like Stripe and Microsoft Azure who use best-in-class security systems. The content of your account and data map is entirely private unless you choose to share it via the export feature. For more on data security, see our Privacy Promise.
-
We support the current version of each of these browsers:
• Chrome (Windows and Mac)
• Firefox (Windows and Mac)
• Edge/Internet Explorer (Windows)
• Safari (Mac)
If you encounter a problem, please drop us an email.
About our compliance kit
-
With Trace® you don’t have to worry about saving your work, it’s designed to be bite-sized so you can stop, start and resume your compliance work at any time—all of your work is auto-saved in our secure platform. This means you can come back to questions when you have more information or have consulted with colleagues, for example. At Trace® we know that data governance can be a team effort so we have made the platform flexible and designed for collaboration.
-
Trace® data modelling is easy, guided and flexible—you can add data categories at your own pace to reflect changes in your organisation. Every business is different though—some process many categories of data and others might just have a few (for example customers, employees, prospects). With Trace® it doesn’t have to be one-size-fits-all compliance so each company will have their own ‘right’ number of categories.
We would encourage you, however, to work with your colleagues to capture all of the processing in your organisation and then keep Trace® up-to-date with any changes. By keeping Trace® accurate, you will ensure your personal data inventory is evergreen and you know what personal data is in your care; and how protected it is from one secure platform which you can access anytime, from anywhere.
-
You might be transferring data international jurisdictions without realising the potential risk. A good example is if you (or another party to your data processing) use a third-party cloud service provider which has data centres in a different country. This is where Trace®’s data residency visualiser can help you see where data is being processed; and what that means to your compliance.
-
1. If you use Excel or Google sheets to create your inventories, you can easily convert these files into .csv files (for example, from ‘file’ go to download or export and select csv)
2. Once you have converted your file to a csv, ensure it’s well formatted
3. You’ll need to be logged in to your Trace® app, here you can navigate to inventory view
4. Select the import icon (cloud) from inventory view
5. Import your inventory csv file from your computer
6. Map your document columns to the Trace sections, and complete import
7. You’ll then see your work in your Trace app. Trace streamlines multiple processes for a richer, more accurate way to audit data. By addressing any gaps from your existing work, you’ll be able to see your personal, asset and data processor inventories together, alongside retention and data security.
About services
-
We offer privacy, data protection and governance professional services. Our consultancy can be one-off project based or we can offer ongoing support services. We can flex to our clients needs. See our services brochure for our complete range of services.
-
We typically start with an audit or sprint, to baseline your compliance and help you uncover risks and compliance gaps. We ‘right size’ these projects to your size and stage, whether you need to get compliance artifacts and processes in place from scratch or refresh and review your work, we can help. Alternatively, if you have a project and requirements in mind for your privacy project, we can build a Statement of Work and kick off the project. Once we know you better, we can offer ongoing ‘Data Protection Officer’ (DPO) or Chief Privacy Officer (CPO) services on a regular basis to support your privacy maturity compliance. Our DPO or CPO services are also flexible, from an extra pair of hands to fully outsourced, named DPO, we can help. You can book a complimentary discovery call with an expert to find the right service for you.
-
It doesn’t matter what industry or sector you’re in. If you process personal data (like most organisations) or sensitive data, you need to comply with the relevant Data Protection regulations and be good custodians. We work with organisations across multiple sectors: from manufacturing to tech, from third sector to medical and around the globe as a remote first team.
-
Our team are business and client focussed, so we can work with a range of leaders. However, we typically work with in house counsel so support the ‘translation’ of legal compliance to business practice and data management. We also work with start up leaders, including the Operations team to put practical data protection and security processes in place. We often also work with Marketing and HR as areas which handle personal data flows to embed Privacy by Design into project governance.
-
We start with a consultancy call, to get to know your key challenges and goals bette, this is essential as compliance needs to align with your overall direction for most value. We then provide you with a free, no obligation proposal tailored to your need. If you wish to proceed we then put an agreed Statement of Work (SoW) in place with all of your services and pricing transparent. We then project manage the process and engagement from start to finish for you, with your support on the discovery stage.
-
Yes, face to face is possible. Our team has bases in the UK, Europe and USA and can facilitate workshops or attend key meetings on site with our clients, with sufficient notice and allowance for travel time we can in theory travel globally. However, we typically work remote first through video calls and comms and visit regular clients in person.
-
We offer our Trace® app as a managed application for our clients (and clients can also use directly and have access via a Team account). Using the Trace® app alongside consultancy works brilliantly, as getting data protection and governance right requires the right process, people and tech: the platform builds evergreen processes and drives collaboration, while consultants provide point support, toolkits, coaching and expert advice. We also partner with OneTrust and BigID for enterprises using data governance tools.
Other general concerns
-
Under the GDPR, transfers outside of the European Economic Area (EEA) to “adequate” countries are permitted and legal. Trace®’s world data sovereignty map regularly tracks global Data Protection regulation, which helps you keep updated on factors such as adequacy to help you keep your data safe and legal.
-
When it comes to ‘non adequate’ locations, international data transfers may only take place where organisations (e.g. your third parties) have taken appropriate safeguards to protect personal data, such as Binding Corporate Rules (BCRs) or Standard Contractual Clauses.
So if your data categories are showing as being ‘resident’ in a non-adequate location on the Trace® map (according to your inputs and answers when modelling your data with Trace®), you need to take action to ensure there are other safeguards in place, take expert advice or reconsider the location’s suitability as it impacts your risk, legal and GDPR compliance position.
How do I import Inventories into Trace®?
1. If you use Excel or Google sheets to create your inventories, you can easily convert these files into .csv files (for example, from ‘file’ go to download or export and select csv)
2. Once you have converted your file to a csv, ensure it’s well formatted
3. You’ll need to be logged in to your Trace® app, here you can navigate to inventory view
4. Select the import icon (cloud) from inventory view
5. Import your inventory csv file from your computer
6. Map your document columns to the Trace sections, and complete import
7. You’ll then see your work in your Trace app. Trace streamlines multiple processes for a richer, more accurate way to audit data. By addressing any gaps from your existing work, you’ll be able to see your personal, asset and data processor inventories together, alongside retention and data security.
-
Trace® helps you see where you have gaps in compliance or Data Protection. For example, if you don’t have a legal basis, you shouldn't be processing that data in the first place, or if you use a third-party data processor to handle personal data under your control, you need a Data Processing Agreement (DPA).
Through assess view, you can see where you have GDPR compliance gaps (e.g. data is not being processed in a country deemed ‘adequate’ by the EU) and take action in your business (e.g. review the DPA with your processor and ask them to ensure your data is stored in a country where you have assurance there is sufficient safeguarding). Compliance is an ongoing process; and Trace® helps you embed Privacy by Design in your business and tackle risks and gaps as they emerge.