Case Study: Natural History Museum achieves streamlined GDPR compliance and centralized privacy management with OneTrust

Bringing Privacy to Life at the Natural History Museum

The Natural History Museum, led by Data Protection Officer Esme Chapman, faced a mammoth GDPR compliance challenge: siloed teams, varied privacy practices across scientific, education and public engagement functions, and reliance on spreadsheets. To harmonize processes and make privacy responsibilities accessible museum-wide, the Museum selected OneTrust and its Assessment Automation and Data Mapping tools as a customizable, user-friendly centralized solution.

OneTrust delivered a single hub for record-keeping, automated assessments and data mapping; the Museum completed a full data-mapping exercise and Records of Processing Activities in approximately five months. By using OneTrust’s Assessment Automation and Data Mapping modules the Museum reduced manual work through automated routing of assessments, improved adoption of DPIAs and LIAs, gained centralized incident tracking and long-term visibility, and strengthened its ability to evidence compliance and produce an accurate public Privacy Notice.

Natural History Museum

Richard Hinton

Head of TS and Enterprise Architecture Planning