How Zego went from manual data mapping to complete automation with Privado
From conversation with Matt Kingsland, Compliance Manager at Zego
About Zego
Zego, an insurtech company, has achieved unparalleled success in just a couple of years, with over 300,000 vehicles insured and over $200 Million in ARR while tripling the company size and product offering. Read along to learn how Privado enabled Zego to scale privacy.
Zego's challenges
Zego's privacy team needed a way to automate data privacy assessments to ensure they had enough bandwidth to scale privacy initiatives to match the product growth. The team had one privacy expert, an external agency supporting them, and legacy privacy software in place.
But as the company started to grow, the team had to consider additional concerns:
Large engineering, small privacy team
Zego's tech team grew 5x in 2021, but the privacy team and supporting agencies did not scale at the same rate.
Rapid product development
The engineering team had to invest all resources in building new features to sustain company growth, leaving them with no time to fill out the privacy team's manual reports.
Resource crunch
The privacy team provided thorough training on RoPA requirements and DPIAs to the engineering teams. Still, the engineering team could not keep up with RoPAs and DPIAs due to resource constraints, leading to delays.
Last-minute requests
With tens of feature launches running parallel and the privacy team's stretched resources, the privacy team also could not keep up with the DPIA process for all feature launches, leading to several last-minute privacy review requests.
Legacy privacy solution provider
The team couldn't scale the legacy privacy software used at Zego. Their legacy solution required teams to upload lengthy Excel questionnaires. Because each questionnaire required hours of an engineer's time to manually complete, the privacy team had to wait months for a response and often times would never hear back.
Privacy by design
While automating privacy was a priority, Zego didn't want to increase risk by exposing customer data to a third-party privacy solution.
Why Zego chose Privado
As Zego's privacy team struggled to get responses for their privacy assessments, they discovered Privado and decided to run a pilot. The tool quickly started showing results:
Complete visibility
Privado scanned all application repositories in Zego's codebase and generated comprehensive data maps and privacy reports. The data maps detailed the repositories that process personal data, with whom the data gets shared, and where it is sent. With Privado, Zego eliminated the manual questionnaires previously needed to collect this information and minimized the effort from engineers. Instead of having to ask engineers what personal data collected, how is it used, and why it is necessary, Zego could now present engineers with a full map of data collection, usage, sharing, and storage for each application. This enabled engineers to quickly validate and provide additional context for each use personal data.
Integrated with developers' workflow
Privado integrated with Zego's codebase on GitHub in under 3 minutes with its simple connection process. With Privado integrated into GitHub's code review process, the privacy team was now alerted each time developers pushed new code with potential privacy issues. This enabled Zego to sync privacy compliance with the speed of software development.
Quick responses
The team used Privado to send out privacy assessments to the engineering teams. Since Privado pre-filled assessments with code-level outputs from its data maps and phrased the assessments using engineering terminology, the privacy team received 10x the number of responses in just under a week, versus getting little to no responses before using Privado.
Extended team
Zego's privacy team tapped into the Privado team for guidance on creating policies and setting up business processes to help bridge the gap between them and the engineering teams. This enabled the privacy team to get started quickly and get high response rates for their assessments.
The results
