How To Claim & Edit Your Company’s Trust Profile On hoggo
In this article, we will guide you through how to claim and edit your company’s Trust Profile on hoggo.
What is a Trust Profile?
Trust Profiles are meant to allow you to improve and showcase compliance with regulations and frameworks such as the GDPR, CCPA, AI Act, etc.
By having this up-to-date, you can close deals and enter new markets much faster. Your customers and investors could quickly assess your compliance posture and move quickly during the due-diligence process.
How to claim a Trust Profile?
We generate Trust Profiles by using AI, so thankfully, you don’t need to start from scratch! Start by typing your company’s name in our search bar, or simply click “Create new Trust Profile”
Then, simply click “Claim Ownership” and you’re all set! Make sure you sign up with an email address associated with your company’s domain, otherwise it won’t work. You can always create a new account.
How to Edit Your Trust Profile?
Let’s go over the different categories and elements in your Trust Profile. This way, you will understand what is needed to be provided in each section.
General Section
In order to edit this section, click on the “Edit” button on the top left.
- Internal Training – Do your employees undergo internal privacy training?
- Data Broker – is your organization a registered data broker or is involved in data enhancement?
- Enquiry Proceedings/Legal actions/ Breaches – have you ever faced a complaint/fine/legal action or a data breach?
By navigating to the “Controller” tab, you will find more data elements to complete:
- Do you have a process in place to respect Data Subject Rights? Read more about it here.
- How are you using anonymized/aggregated data? If your company doesn’t limit it’s anonymized data-usage, choose “no conditions”. If your company only aggregates/anonymize limited data types, choose “limited data types”. If you only use aggregated data with prior controller consent, choose “Prior controller consent”.
- Data Enrichment – Are you using data enrichment tools or engaging with data brokers?
- Are you using AI on personal data you process as a Controller? It could be Fully, Partially or None.
By navigating to the “Processor” tab, you will find more data elements to complete:
- AI Usage – Are you using AI on personal data you process as a Controller? It could be Fully, Partially or None.
- Employee Confidentiality – Does anyone who can access your data has to sign an agreement promising to keep it secret?
- Retention – How long your data is allowed to be kept before it needs to be deleted.
- Deletion – After termination, the data must be completely erased from all systems?
- Return – After termination, the data must be returned to the controller?
- Anonymized Data Use – will the Processor (you) use anonymized data? Are there any restrictions?
- Written Instructions – Will you only handle data exactly how the Controller tells you to in writing?
- Sub-Processor Objection – Can the Controller object to new sub-processors?
- Breach Notification – how quickly must you notify the Controller about an incident or a breach?
- Assistance in Exercising Rights – will you, as Processor, assist the Controller fulfill data subject requests?
- Audit Rights – Yes/No
- Access to Information – Can the Controller access the information being processed on its behalf?
- Third Party Transfers – when and how your data can be sent to other countries or companies?
- Sub-Processor Agreements – do you have an agreement with each of your sub-processors?
Under the “General” section, you can edit the following information:
Under the “Documents and Policies” section, you can edit the existing links to your policies:
Under the “Third Party Certification” section, you can toggle all the certifications that your company holds:
Under the “Technical and Organizational Measures” section, you can toggle all the TOMs that your company have in place:
Under the “Data Types” section, you can provide more information about the types of data collected:
- Data Type – under which category this type of data falls under?
For example: Contact Details - Specific Type – this is optional, but you can provide more granularity and indicate the exact types of data being processed.
For example, emails. - Type of individuals – to which individuals this personal data is connected to?
- Purpose – what is the purpose of the processing?
- Retention – for how long will it be kept?
- Legal basis – what is the legal basis, as defined under the GDPR, for the processing?
- Used with AI – will this data be used or shared with AI features or providers?
Noa Kahalon
Noa is a certified CIPM, CIPP/E, and a Fellow of Information Privacy (FIP) from the IAPP. Her background consists of marketing, project management, operations, and law. She is the co-founder and COO of hoggo, an AI-driven Digital Governance platform that allows legal and compliance teams connect, monitor, and automate digital governance across all business workflows.