morning good afternoon and good evening everyone wherever you're joining us from we're excited to have you here um welcome to what's new in privacy management my name is Emily padki I'm a product marketing manager here at service now and today I am joined with promote Chandra our senior manager product marketing of our privacy and compliance products promote do you want to introduce yourself hello everyone thanks simily for the quick intro yeah I'm promode I'm from the product management I handle privacy as part of my product portfolio happy to see you all here yeah well promote has a lot of great features and functionality and enhancements to show us today so um not going to keep you very long but I do have a couple of housekeeping items before we get started um um first off you are on mute today but that doesn't mean you can't ask questions we do have a Q&A feature where you can continue to ask questions throughout the session we will be doing a Q&A session towards the end of the uh webinar so please put those in as we go and then we will answer them in the order that we receive them uh if we run out of time and we don't get to your questions we will follow up with you offline to make sure that that is answered also this session is recorded it will be available on the service now now Community forum and our YouTube channel so check it out um you know we're going to be talking about some really cool stuff today so make sure you take a look at that share it out and reference it back Cu uh you're going to want it later and after the session's ended you will probably be prompted to fill out a short survey if you could do that for us we would love that um we want to continue to make these as valuable as possible and we really appreciate your input so with that exciting news all of what you see today is now available on the service now store so don't have to wait you can go ahead and get it today just let us know and today wraps up the last in our what's new series so in case you've missed any of our great sessions around the updates on our products business continuity third party compliance and aits management all of these reportings are available up on the community forum and our YouTube channel so highly recommend checking out we've got some really great stuff going on so and with that and without further Ado I will hand it over to promode thank you Emily I'm going to share my screen right away and we will'll get started awesome can you all see my screen um Emily can you confirm can excellent so we are going to talk about uh privacy and what we released as part of our Zen Adu release so we have two key features that we are going to cover one of them is an almost module as part of the solution itself that we included from this release onwards so the first one starting with um data lineage it's going to help you understand how the data is Flowing across various processing activities systems windows and many other things that you are associating from a data flow standpoint and we also have on functionality to track regulations or Regulators to understand uh which regulator from a privacy standpoint are you dealing with and in case you want to communicate with them how do you go about uh communicating with them with regards to maintaining them as a repository and all of that that is one aspect and last a chat collaboration which will help you work with the Privacy team or work priv where privacy team can also work with the business users on various aspects such as privacy assessments or be a privacy case or even the personal data rights which is a new functionality and uh which will help all these teams come together resolve scenarios quite easily in addition to that like I mentioned personal data rights is the new module that we are releasing as part of our zenat release it's going to help you manage your D are kind of request coming in with that let's uh switch into the details and understand what are these functionalities starting with data lineage like I mentioned uh uh this is a functionality which is on the processing activity connecting various other factors such as uh be an application or a process or a vendor to help you how data flows together so that is one functionality that we going to Deep dive today and the next one is going to be the chat collaboration think of a scenario where a privacy case comes in and you are in interactions with various other key stakeholders such as security team right quickly you can initiate a chat or even security team can initiate a chat maybe from a breach assessment or maybe from a privacy case kind of a record and you can resolve any um kind of questions that needs to be addressed instantly this is applicable even for privacy assessments and we will see an example of privacy assessment as we get into the demo side of things so with these two uh functionalities what we will do right now is we'll switch to the demo we will see these functionalities in live and then as the second half of the presentation we will Deep dive into personal data rights functionality with that switching to the product to Showcase data lineage first so like I mentioned data lineage is primarily coming from uh an aspect of understanding how the data is Flowing so there are two aspects to it on how the data is collected one is on the processing activity we have introduced a new functionality like hierarchy where you can capture where the data is coming from and the where the data is being sent to while you do this uh uh and map these particular uh elements to where the data is coming from and going to right it gives you configurability not just within the processing activity but across various other um aspects as well which means let's say in this scenario I'm clicking create here to see uh that I want it to associate something where the data is being sent to I can choose to which um uh to uh to which relationship here I need to pick let's say in this case it could be a process or an application or even a processing activity um and then map a particular recorder so in this case let's assume if I select a processing activity I can specify what is the relationship does it be needs to be sending data to or it contains and then provide the needed details so this is this is an uh again an option where you're capturing details in this specific view but also what it provides is an entire visual view for this so if we go to the data lineage right button here here it's going to show you overall how the data lineage is from overall visual aspect over here you get to see the home node highlighting that this is a processing activity of nature business application and the risk score is highlighted here based on the criticality assessment that is done and based on various risk assessments that are done on this processing activity are highlighted right here what you also see is an immediate relationship from where the data is coming from and over all originally where all of these things are originating from from a parent relationship node here right so to understand more details about these particular records you can click on them on the right you get to see a quick panel where there are specific details again highlighting what is the purpose of this particular processing activity owner and specific details are given like compliance score are there any critical open issues that is one aspect in addition to that you also get to see what the kind of personal data elements like information objects and their data types and lawful bases related information right here similarly while you are in this VI not just for the home node you can click on the other nodes to see a similar data which is highlighted right here right so the way in which uh you can you can also use this particular visualization is not just viewing them but also add relationships right from here itself for instance if I go here to HR on boarding I can create a relationship or remove a relationship right from here by clicking on it in this case I'm going to define the hierarchy as data being sent to and select the data in this case I'm just selecting for the purpose of demo a processing activity and relationship as data sent to and let's say I apply a quick filter saying HR and then select let's say HR database as an example so the moment I select that if you if you notice HR database has got associated with HR onboarding right here but not just that it also brought in HR web which is which was originally connected to HR database earlier right so what we do as part of this entire relationship is not just to bring the relationship immediate relationship but also if it has further connections from a data flow standpoint we bring those things together and that's how overall you will see from a parent node standpoint here if you go to the Human Resource as a parent node and look for its data lineage it will bring you the overall map on how various processes or applications are connected and not just that it also highlights which of those are critical in nature based on the risk assessments that are done so that you can click on those individual records to understand what is with regards to this particular individual records from a privacy risk and compliance posture standpoint so that's a quick view on how the entire data lineage is going to help you with regards to maintaining the data flow or even understand how data flow is happening across various processes or systems in place great we have a couple questions if you have a minute um first up would this be similar to The Entity workbench Upstream Downstream but held as a processing activity yeah it the concept wise it is similar but it is not as same because in the processing activity we are primarily managing the uh aspects which are relevant for from a privacy point of view or the ones that are procing personal data in the entity work Branch with is in the context of irm integrated risk management product where every other connections are established and it could be across various other regulations but what we show here with regards to privacy in the procing activity is purely from a personal data and personal data related data flow aspects that's a great question thank you for asking sure um next question would this replace the workbench for entity CL entity class no uh entity class will have its own specific workbench right now this functionality what you see here is specific to privacy module or the Privacy product great thank you um last one and then we need to get moving on uh can I update the data lineage automatically from the cnbd surface map uh yeah so uh at present it we start with a manual activity however we have behind the scenes where with a script you can update it uh as long as you know which of those cmdb elements are relevant from a privacy point of view so we have uh hooks behind the SC for you to uh take the cmdb elements the right ones and provide here as a map with u when you know which of those are relevant across the service map which of those are relevant from a personal data standpoint great actually we just had another one come in I think you're going to like this one our CI is from the CMB cmdb Associated to these data sources absolutely that is right and that is what you are seeing right here um this is an entity connecting to the business application and we have a connection right behind on to which business application this is connected to same thing right here as well so we uh what you see right now over here are the ones that are directly connected and not just that as you may see here in this example maybe we have used wherever there is a processing activity or an entity but you can even directly connect an application or a processing or a or a business process or a company which doesn't even have entity or processing activities so you can connect them directly as well and that is where I was trying to show here in this case when you try to create a relationship in here let's assume I select data sento right you can directly connect a vendor or a company and that shows up right here excellent great questions everyone keep them coming um we're going to move on to the next update but uh we will Circle back and get to the rest of your questions at our end ending Q&A session so promote take it away thank you uh one last question I'll take I think I I see it already coming in uh are there any configurations for the cars that we see at present no but uh yeah at present there are no configurations but we keep open on the feedback to see how best we can open it up for configurations as well but in the current version there are no configurations cool with that let's switch to the other functionalities that we have within the Privacy so I'm going back and going to talk about another functionality that is um the discuss button for the discuss button what I will do is uh in this case I have M the scenario where we have sent a privacy impact assessment to a user it is work in progress so let's log in as well and mimic a scenario on while while working on a privacy impact assessment or a privacy assessment how he can leverage a discuss functionality to quickly initiate a conversation uh by opening up a chat so I'm switching to vals window right now what you see is vals Inbox where he have various assessments assigned to him he's going to launch the Privacy impact assessment and as part of this particular assessment he can take the assessment by clicking on this particular button so there are various questions that are asked as part of this particular assessment and U as well get to start answer all of these things these things has already answered maybe he has a question at at a particular State what he can do is instead of coming um um he can come back to the Privacy assessment and initiate a discussion right from here and say that I want to talk to Josh and start the discussion and say that um hi Josh and um tag them and then say need help web right now this is a quick way for the uh for the business users who are answering the assessments or even privacy case for that matter or even any other uh solution within the Privacy right when they are working on these things they can initiate a discuss option uh like this and on the other side Val would see a notification coming in in in the in the service now interface and uh Val can see these details uh and uh respond to uh respond Josh can see these details and respond to well in the scenario now all these conversations as we talk also gets recorded in the in in the activity stream so that we can go and refer these um uh these discussions that were done so that it is tracked in the overall um in the context of that particular um uh assessment itself so that's a quick preview of the discuss functionality that we just released which will help you collaborate with your business as a privacy team to get these questions resolved quickly now like I said this is enabled if I just go switch to the product uh uh presentation it is enabled for privacy assessments proc activity uh privacy case and the personal data rights as well which we're going to see in a short of while excellent we have a couple questions for you um this does not leverage the smart assessment feature for assessments does it uh no not yet and uh we are tracking that as part of our road map and what roles would Josh need if he is not related to the record already would he still be notified via email or some other way yeah so uh the roles are usually the Privacy specific roles uh that that are needed if not as well uh they just need to be a user within the service now that ways they get uh notified and these notifications can be sent in two ways one uh like within service now what you saw that is one way of notification U and as well there is uh an integration with Microsoft teams as well so when you when you send uh a chat message from the service now it will go and create a group within Microsoft teams from and from there someone can respond as well so it's a cross collaboration across uh platforms as well so from a Microsoft teams you can respond and on the other hand uh um an employee from the service now is also responding it using the chat who initiated it great um along those lines does it have any Integrations with Microsoft teams or slack or do we expect the user to be on the service now system to respond yeah it it has an integration with Microsoft teams uh and there are respective documentation as well in our service now uh documentation on how to integrate with Microsoft team so we can leverage that and take it Forward excellent all right uh again great questions guys keep them coming um but we're going to move on to our next update which is my favorite I'm so pumped about this for personal data rights that's right yes let's get in so um with regards to the personal data rights um um what we have done is this is a brand new module that we have released as part of Zen uh this was there as an innovation lab release in the previous version and now we have opened it up for uh the General market as a general availability so here are the key highlights of this particular solution right so personal data rights uh comes with specific um uh roles again there's a requester there's a uh PDR agent uh PDR manager PDR data owner and ADB various roles coming in I'm going to explain those roles in a minute and uh there is an intake aspect from where the requests are coming and there's a workflow aspect on how are we receiving this um PDR request and managing the tasks related to these PDR requests with various other data owners who are managing the systems and there is a dedicated workspace for this particular functionality so it is not clubbed with the Privacy management workspace but it is a dedicated workspace so that if there are frontend agents who supporting privacy team they can be provided with this dashboard with this landing page and as per separate workspace and they need not be provided the entire privacy workspace which may have lot more sensitive data where the first line who is managing these U requests need not see so with that uh uh let's uh look into the details on how this particular module is going to help us so personas definitely requester these are the um these are the individuals who are having an engagement with an organization and that they are more concerned in general about where's my data what how is my data being used and various concerns related to the data right and they are the ones who are generally coming and raising requests and PDR agent or manager is from the P from the Privacy team fending the requests that are coming in and making sure these requests are coming in and they are being tried they are being followed up within the right time making sure the deadlines and slas are met right so they are more concerned about how the requests are being handled and are they being handled as per the regulatory obligations there's a p data admin who manages the data for various systems that they own so they get the further requests or task from the PDR agent or a manager and their concerns are can I uh can I handle large volume of so data that Corrections wise how fast I need to correct this data right uh what are the slas that I need to meet all of those aspects and communication aspects to the PDR manager or the agent those are the concerns that uh PDR uh data admin would share and lastly the Privacy team right uh who wanted to oversee how the overall personal data rights or the thesr requests are being managed so that it is compliant with various other Global regulations which are which are demanding this particular obligation so here is a quick flow that you see on how the overall solution would look like um a requestor can raise a uh can raise a request could be from various options they can have a public facing form uh uh which may be in in their website or it could be an uh it could be a phone call that can come through these are the two external sources um and the public facing form can be integrated with our apis or even an email can be sent and with all these various sources um based on the user validation what we do is we create a request right so uh from out of the box standpoint we provide email as an option to intake and as well as apis so that you can integrate these apis with your public quing form and you can validate the user manually and finally you can create a personal data rights request once the personal data rights request gets created it has various workflow States here one is the new state where this state is going to help us understand how many um requests are not yet being started with or not yet being picked up by any of the agent and there is a verification approval step this could be various scenarios such as maybe the request is coming from a resident from a specific location where there is no such regulatory obligation which needs not be processed or maybe it is coming from a requester who may have a legal obligation with the organization so you may need additional approvals to process such kind of a request right so there is an optional step in case you wanted to have additional approvals before you start working on it and once you start working on it this is the step where we go and assign the task to the PDR action owners who are the system owners uh managing systems where the data resides and they can complete the task as per the SLS defined um in in the entire process and once they respond back within the time then the PDR agent would be able to reply back to the requester saying that the request has been fulfilled within the time so this is how the overall flow would look like we'll quickly show you how this entire solution would come together as part of the product so we'll switch to the demo so like I mentioned uh we have a dedicated workspace so over here you get to see we have something called personal data rights as the workspace and this workspace provides you various details such as what where the um where the attention need needed right by the PDR team in this case how many are overdue how many are how many requests are coming in how many of them are new and all of that and uh what are the different types of requests that are coming in uh and as well as from whom are we getting these requests as well as the status of those requests from a workflow point of view and as well as the trend report on how many requests are we receiving on regular basis on a overall monthly scale not just requests but also the tasks right the tasks that are assigned to the PDR own uh PDR data owners who are managing the data at the end of the day they are how they performing on their tasks are there any overdue tasks because this would give us an indication whether the request timeline is going to be missed out right so tracking all of those aspects in the workflow States you get to see that here how do we create a request like I mentioned it can be an API call so from an API directly a new request can be created or it can be created manually as well wherein maybe on over a for call or some when the request comes in you will be able to take such a request and take things take the needed details let's see how a typical request would look like getting into one of the requests picking one of it let's say in this case data deletion so over here you'll be able to capture the source from which it has come through this can be manually selected as well provide the uh details about the name description what regul ation this is associated with and also what is the requester name and the requester type where from which location we are receiving the request and as well as um uh uh the request type and these request types can be configured how we want based on the list and also the request of email details and all of that if you're doing user validation in a manual fashion then you can also opt specifically which is which is the validation that you have chosen once the request is uh taken what we can also do is we can go and we can generate the tasks for the data admins and owners who would be working on this particular um task right so as a PDR agent I can go here and I can click on the generate tasks and what would happen behind the scenes is that it will go look at who are the admins relevant from a customer data standpoint it uh it will look at a specific registry and based on that registry it is going to generate tasks and I'm going to show you the registry as well in in in a short bit so for now when I click on generate task you can provide additional commments and the tasks would be generated right here so as you may see here various tasks are generated for across various it asserts and also to various owners who needs to work on it let's understand how this entire thing has happened right for that what I will do is I will duplicate this tab and quickly show you a data registry functionality which will capture who are the who are the owners and what kind of data they are managing all of that can be maintained in a registry and that registry is what I'm going to show you in this case when I come here here is the data registry where you can maintain um and you can create new and maintain this saying that here all the various assets that you're dealing with what who are the who are the personas whom we are dealing with as part of this particular it assets right and who are the owners it could be a group it could be a user it need it could be a named user or it could be a dynamic user with for uh who who is associated with respective asset in the cmdb right based on this particular registry configuration when we click on the generate t ask on the PDR request various request gots generated across it asserts where only customer reference has been provided because the request is coming from a customer and uh task owners have been provided asum May notice all of them are in the draft mode so it can uh we can click all of them if needed and assign it or review individually and go assign these tasks individually as well and these tasks are generated uh based on a template configuration so I'm going to go go to configurations also show you how these configurations would work so if I go to one of the task here you can templae a task by providing what is the default name of the task what is the description what is the priority for it and also as and these values are picked based on the registry and provide the due date and all of that right and uh you will be able to assign these tasks so that's how you can quickly um assign the tasks and end of the day once the tasks are completed you can uh you can email to the user based on how um the tasks are completed so this is where you get to the scenario of coming to a request um uh go you can you can go and you can uh respond to a requester saying here is how we have addressed your details if you want you can templae those emails as well so that from from these templates you can autop populate the content and then send these emails to the user and all those emails are again tracked as part of the main personal data rights request record itself so as you may see here you will also see certain notifications and all of those things already got triggered and that are being sent to the user for example in this case an email was sent to the requester the moment it uh a request was accepted in this uh as a simple template um an email was sent similarly when a request got created it was it was assigned to a group by anyone we picked it up and when Josh picked it up he also got a notification that he can work he started working on this particular uh request as an email right so again these emails templates are configurable so you will be able to uh manage these email templates using the usual platform functionalities so that's on the personal data rights quick overview uh where if I just go back to the flow once again uh once the request comes in there are various workflow steps with which you're addressing the request and at some point in time you're also assigning it to action owners and action owners are working on the respective tasks and based on the responses that are coming in ultimately you can send an email request to the requester saying that the request has been fulfilled and overall we have provided home H page reports for you to quickly track the overall operations related to personal data rights on the configuration front we would like to quickly show you how things are so I'm logging in as an admin going to the personal data rights and when I open the request type here is where you get get to see all the configuration aspects related to this particular functionality as you may see here there are two State models that are provided which means these are the ones that are controlling the workflows related to each of these uh either the this is for the data rights request this is for the action task so you can change the workflow States accordingly the inbound email is again the configuration which will help you to take a request or create a request based on the in uh inbound configuration that was done and also there are substates that you can Define and these substates also can be configured based on specific jurisdiction for instance if when I say right to opt out as one of the scenario we can say that right to opt out is only applicable for specific jurisdictions so only when the location field which means if I just go back here open the task one of the existing um record to Showcase what I was saying let me pick the same old record go to this details so based on the location that was selected what request type should be shown can can be configured with this particular option so only when respective jurisdictions are selected then the respective uh subtypes are shown as part of the PDR request oh let me go back to my my PDR request and also you can have assignment rules in case you have various groups then you will be able to uh map which request needs to be routed to which group based on the request type or various conditions that are coming in so there are set of configurations that are provided to manage your workflows and also to manage your uh subtypes and configurations related to it also the view rules helps you to manage your uh entire form view uh which where you wanted to highlight for a specific request type you wanted to hide and show fields or you wanted to have specific view then you can configure those rules right here and also assignment rules in case you have multiple groups so those are the quick configurations uh overview on the personal data rights um as an overall feature so let me pause here for a minute and see if there are any specific questions related to the overall personal data right solution we do have a couple that have come in so far um can I configure email content that is being sent to the requestor yes absolutely email content is something that definitely you can configure and like have showed when you open up the email right here let's say if I go to the personal data request and go to a comp email you will be able to see the email templates right from here and you can if there is an email content you can insert that email content and take things forward so that is pretty much an option great um another how can I get the personal data rights workspace ah so there are specific roles that uh that needs to be assigned so if I go back um and talk about the roles here we have provided dedicated roles um and these some of these roles when you refering the documentation there are they'll be assigned with um the personal data rights workpace privacy team will have meaning the privacy rules will already have those uh rules eded in in them by default but in case you wanted to dedicatedly give this workspace roles that also is a possibility great next are there any plans to have playbooks for the privacy app just to make it simple and lean from the user experience point of view absolutely absolutely playbooks are one of the next uh user experience enhancement that we're going to pick up as part of our road map so that is being uh that's going to be considered as one of the major Focus elements in the coming road map items excellent keep those questions coming guys this is great information why not combine the PDR space and privacy work space as a new page instead of instead for easy navigation absolutely that's a great feedback definitely yes there there are plans to connect how do we get to the personal data rights from the Privacy workspace itself but for now we have provided it separate so that in case there are frontend agents who are going to work on personal data request but not the Privacy team from the legal department or from the respective privacy Department right um to separate out from security aspects we have provided a dedicated workspace but we have plans of taking some of these reports critical reports placing it in the Privacy uh workspace itself so that there is a visibility right there on the Privacy um uh workspace and also there's a navigation directly from there to this one excellent questions yeah thanks guys keep them coming yeah so uh in the meantime please please uh please ask the questions whatever you have but however I would like to cover one more uh functionality um I'm just going back uh to the agency aspect over here what I mentioned is the Privacy regulatory agency Library would like to quickly give you a preview of this particular feature and any other questions that you have across all the features please uh do ask in the questions so for that the whole idea of providing a privacy regulatory agency is to have a track of Regulators whom we need to be in Connect at regular intervals right be a privacy case or be a privacy regulation that we are working on in case we wanted to contact Regulators this is going to be the option for us to have an interaction with them the way it works is if I go to the Privacy workspace on the Privacy workspace we have provided an an option called agency under um yeah regulatory information agencies and over here you get to see various agencies that can be configured let's assume if I pick one of the um agency as uh let's say uh for now European Union here you can configure uh what is this agency all about who are the regulatory uh contacts right and uh what jurisdictions they govern and what kind of aity documents that that are associated with it and in case you wanted to have any communication with the regulator then you can also have that communication using the email uh email capability right so this is a way for for us to interact with the regulator in any specific scenario such as there's a privacy breach or there's a regulatory inquiry that needs to be made this can be uh the place where we can maintain the over all communication aspects for a given privacy regulation so this is also embedded as part of our current Zen release with that if I quickly go back to the overall solution I mean overall features that we have released as part of zenu a quick walkth through like I said data lineage is one where we are having a functionality of understanding how the data is coming from where it is coming where it is going to across I systems that is one functionality Regulatory Agencies as you just saw it's a repository of maintaining agencies or regulators and and having an option to communicate with them and track that communication in one single place for for future references as well and the new chat experience and the new chat experience where you can initiate conversations quickly to uh to to close out on various contacts such as beta privacy assessment beta processing activity or a privacy case or even personal data rights for that matter if there are specific discussions between the person PDR agent and as well as the data owners needs to be resolved quickly uh we can quickly dis uh open up a discussion and then uh close out on those questions right and overall the personal data rights as a solution that uh you saw to make sure how we can address these are use case as part using personal data right functionality so these are the highlights of the zenu release I will open up the floor for any further questions excellent thank you so much PR mode I'm very very excited about these personal data rights DS can be a handful so any way that we can bring efficiency and streamline those processes is greatly appreciated so excited to see how this is going to uh help all of our customers uh manage all these these different requests so great demo thank you so much um again want to open it up to the floor for any other questions you might have um I'm going to share my screen real quick all right so let's open it up for any Q&A uh first off great demo thank you so much um and feel free to type in any other questions that you may have while we're going through just a quick reminder that today session is being recorded and it will be up on the community Forum as well as our YouTube channel within the next 48 hours so I know we went through a lot today we went through it fairly quickly so if you want to reference back to anything we will get that here for you um check this out do the QR codes I will also put the link to the YouTube channel in the chat today and we also have a Running Blog up on the uh Community Forum that has all of our upcoming webinars our industry events so you can come see us uh we also do a bunch of live workshops around risk and compliance um and audit management so feel free to check those out join us we'll be coming to a town near you and would love to see you um looks like we are good with the questions well done for mode thank you so much and everyone have a wonderful rest of your day or evening and we'll see you at the next one thank you for joining us thank you have a great day