CASE STUDY

The Success of Connecting Compliance, Collaboration & Agility

In just six weeks, Glovo completely transformed its Privacy Program, facilitated by its recent collaboration with TrustWorks. This partnership, characterized by ongoing support and collaboration, enables the Privacy Program to continuously evolve and expand.
Industry:
On-Demand Delivery
Privacy Team:
7 + local DPOs
Region:
25 countries in Europe, Western Asia, and Africa
Product:
Mobile app & delivery platform
Customers:
170K Partners & 15M active users
Size:
Enterprise.  4.2K employees
Glovo is a leading on-demand courier service present in more than 20 countries. The company specialises in last-mile logistics, primarily connecting users with businesses and couriers, offering on-demand services from local restaurants, grocers, supermarkets, and retail stores via its mobile app.

Since mid-2022, Glovo has been a part of the Delivery Hero Group, a publicly traded German company.
Privacy Management
In 2023, after 18 months of failed attempts to automate Data Subject Requests using a leading Privacy Management Platform, Glovo migrated their Privacy Program to TrustWorks, gaining the desired agility aligned with the goals of a fast-growing organisation.

In just 6 weeks, the Glovo and TrustWorks teams worked together to build the foundations of efficient privacy operations. One of the most important aspects of this new partnership, which involves constant support and collaboration with the TrustWorks team, is that the program is in continuous evolution and growth.
"I finally found in TrustWorks the tool that best suits my needs thanks to the high technical level and automation that I wanted to implement. In addition, they offer us very personalised attention that makes us feel very comfortable in terms of rights and privacy management."
Mireia Martínez
Head of Privacy at Glovo
CHALLENGES
SOLUTIONS
CHALLENGE:
A company in rapid and continuous growth: It was necessary to create and operationalise a program that responds to the requirements of the different laws and jurisdictions as well as organisational changes in this fast-paced company.
SOLUTION:
An agile and flexible tool that can adapt to Glovo’s processes and tech stack. Seamless integration with the communication and ticketing tools used within the organisation (JIRA, Confluence, Slack...) allowed Glovo’s Privacy team to collaborate better with all teams involved in privacy operations.
CHALLENGE:
Limited visibility: the key challenge was the need to have a clear overview of the systems, tools, workflows and projects that are involved in processing personal data.
SOLUTION:

Instant Data Inventory by connecting to Google Workspace, the SSO provider and other tools used at Glovo: TrustWorks’ implementation in just 6 weeks allowed real-time identification of both authorised tools and vendors as well as Shadow IT and Shadow AI. This data inventory was integrated with the imported:

  • Records of Processing Activities
  • Privacy Impact Assessment Workflows
  • DSR Workflows and Policies
CHALLENGE:
Need for multilingual and multi-location adaptability: The large volume of DSR requests and the unique characteristics of the business (different countries, languages and teams) did not make it possible to outsource the process without losing control, and building this process in-house would have been very costly.
SOLUTION:
Automation of DSR processes and ability to adapt to Glovo’s organisational challenges: Implementing automated workflows allowed Glovo to improve their operational metrics related to DSR fulfilment and reduce response time by 70%.
CHALLENGE:
Avoid manual and tedious tasks: The Data map and the Record of Processing Activities (RoPA) at Glovo were maintained manually before implementing data mapping automation. Lengthy meetings and cumbersome questionnaires posed challenges for the privacy team, hindering their efficiency.
SOLUTION:
Constant monitoring and close collaboration with the TrustWorks team: The platform identifies new tools and gives better visibility on ongoing initiatives, notifying the Privacy Team of possible changes to RoPA. Additionally, the Glovo and TrustWorks teams are in constant communication to respond even better to organisational changes by deploying new workflows, templates and best practices.
Key Takeaways
6 Weeks Implementation
Instant Data Map
RoPA
Health-Check
DSR Automation

Quick Implementation

Glovo saw significant improvement in the operationalisation of its Privacy Program in just six weeks. The first objective defined by the company was to streamline a high volume of Data Subject Requests. In addition to the volume, these DSRs had to be managed across different countries and jurisdictions, making manual fulfilment impractical.

Glovo had previously engaged with another solution (a leading privacy management platform); however, the implementation failed despite 18 months of work on the project. Outsourcing the process was not possible due to the large number of requests and the unique nature of the business, managing different countries, legislations, languages and teams. Glovo and TrustWorks carried out quarterly planning to define the main challenges, objectives and steps to follow. In just 6 weeks the first version of the multilingual, multi-country DSR Automation workflows was up and running, involving integration with the internal and third-party tools included in the process and improving the efficiency of the privacy team.

Even though DSR Automation had been established as the principal objective, the TrustWorks and Glovo teams worked closely on the implementation of other elements of the privacy program, like Data Inventory and Records of Processing Activities, to improve maintainability and visibility on ongoing initiatives and changes in the organisation.

Avoiding Dependency On IT

Building a complete and instant data map was critical to identify tools and vendors used within the organisation. The goal was not only to build an inventory of authorised tools, but also to identify vendors that had not been properly onboarded. This was a quick step within the implementation process thanks to the easy integration with Google Workspace, the SSO provider and other connectors provided by the TrustWorks platform.

  1. This step required minimal involvement from the IT team (setting up the integrations). Before this implementation, this was a very demanding process, requiring constant requests to IT in order to get visibility on vendors and tools used across different departments.
  2. The Privacy Team at Glovo could monitor changes within the organisation autonomously, identifying not only the tools approved at a corporate level but also ‘shadow IT’ cases and, most recently, ‘shadow AI’. Additionally, the TrustWorks team built workflows that provided integration with existing vendor assessments.
  3. Finally, the data inventory was enriched using a proprietary Vendor Intelligence Module that includes information about risks, documents, processing locations and legal entities.

Optimising The RoPA Quality And Elevating Its Potential

For Glovo, it was critical to easily identify the data repositories that were not linked to any processing activities, or that might require a Data Protection Impact Assessment or Transfer Impact Assessment. The TrustWorks platform provided:

  1. RoPA Health Check - Identification of gaps and possible information quality improvements to processing activities imported from the Legacy Privacy Management Platform. The TrustWorks AI Assistant analyses the data map (tools and providers) and compares it with the processing activities to identify possible gaps. The privacy team is also provided with risks and possible mitigation measures as well as areas for improvement.
  2. Within days, Glovo enriched their Records of Processing Activities, which greatly improved the validation process with the corresponding business owners. Questionnaires integrated with JIRA and other ticketing tools allowed the Privacy team to improve questionnaire response rate and time. As a result, the collaboration between the Privacy Team and the rest of the organisation has improved significantly.
NEXT STEPS

Improving Collaboration Related to Ongoing Initiatives

Glovo’s Privacy Team established an objective to implement Privacy By Design across all processes in the organisation. The TrustWorks platform provides visibility on all ongoing initiatives and, among others, provides insights related to the implementation of internal applications. The integration with Product and Project Management Tools and Source Code Repositories helps the Privacy Team to have better visibility and get compliance-related insights from ongoing projects.
"I love the collaborative and intuitive approach that the TrustWorks suite provides. It was key to supporting the complex processes when handling the company’s DSRs in different countries, legislations, and languages. And later on, with the automation of all the process steps, we finally obtained the scalability and agility the company was demanding for the Privacy Program."
Mireia Martínez
Head of Privacy at Glovo