Independent Research Film Ovum Has Named Privacy Management Software Company OneTrust as a Leader in the Market
It has been two months since the launch of the European Union’s General Data Protection Regulation (GDPR). While the risk of data breach still hangs in the air like the mythical Damocles’ Sword, many companies have chosen to minimize the risk by adopting privacy management solutions. In its recent report, Ovum, a leading analyst and research firm, has named OneTrust as a strategic leader in the global privacy software market. The report highlights how OneTrust’s comprehensive solution helps companies execute privacy compliance strategies in a changing global privacy environment beyond just the EU’s GDPR.
“Prior to the GDPR deadline, many procurement decisions were made in haste; legal, privacy, and DPO teams frequently made small, tactical point-solution purchases to address specific GDPR requirements, often without the involvement or knowledge of the IT department,” writes Paige Bartley, Ovum’s Senior Analyst, in the report, adding, “This approach limited the strategic integration of these solutions into the broader information governance framework of the enterprise and did little to prepare the organization for future changes in the global data protection regulatory landscape.”
Global approach to privacy management
Bartley says that global privacy management requires a vast coordination of people, process, and technology. “OneTrust has emerged as a strategic player in this space for their ability to harmonize compliance efforts across diverse business units and stakeholders.” OneTrust is the one of most widely used privacy management and marketing compliance software with 1,500 enterprise customers, including 200 of the Global 2,000, the world’s top two retailers, top three insurance providers, top five global advertisers and more.
Bartley acknowledges that data privacy is not just about technical controls for data. “Encryption, masking, and access controls are necessary technical elements of a robust security and privacy effort, but a comprehensive privacy program is defined at a higher level by process management, human roles, and workflows. As no single product can exert all the data controls necessary for privacy, it is more valuable to have a platform that can centrally manage privacy processes and integrate with various other tools to execute specific technical controls.”
OneTrust takes this approach. “It provides a central hub for the management of processes, as well as the central management and storage of data associated with risk assessments and consent,” writes Bartley, adding, “It integrates extensively with other technology tools, leveraging existing IT investments and enabling workflows that are triggered by actions in third-party products.”
OneTrust offers two broad categories of modular products
- Privacy program management products: These include assessment automation, data inventory and mapping, vendor risk management, and incident and breach management. Process-oriented in nature, they integrate with third-party products such as data loss prevention (DLP) tools and task tools such as Jira; integrations allow OneTrust to trigger and centrally manage workflows associated with privacy.
- Marketing and web compliance products: These include data subject rights management, website compliance scanning, cookie consent management, and universal consent and preference management. Largely geared toward the “outward-facing” controls for data subject preferences and rights, these capabilities fully integrate on the back end with the privacy program management products, and third-party products such as Eloqua, Marketo, and Salesforce, to create comprehensive workflows for the enterprise.
Changing norms across the globe
But GDPR isn’t the only data privacy regulation one needs to abide by. The California Consumer Privacy Act of 2018, dubbed as the American version of GDPR, was passed last month, although changes are expected to take place before the CCPA’s enactment in 2020. The Ovum report highlights that OneTrust’s privacy counsel researches data protection regulations to provide customers the tools needed to manage the constantly shifting privacy landscape, including recent developments in Japan, Brazil, India and the United States. For example, within a week of the surprise passing of the California Consumer Privacy Act of 2018 (CCPA), OneTrust issued a free tool for companies to assess their CCPA readiness. OneTrust also published a white paper titled ‘Privacy Rights Under the California Consumer Privacy Act vs. the EU’s General Data Protection Regulation’ that explains the similarities and differences between the two laws.
“Jurisdictions across the globe are creating new requirements for data protection and companies will need to leverage a comprehensive, mature compliance solution that integrates with existing security, IT and marketing investments,” said Kabir Barday, OneTrust CEO and Fellow of Information Privacy (FIP). “The GDPR made data protection a business priority and OneTrust will continue to support businesses in their effort to comply with the growing list of privacy regulations. We are committed to supporting our customers with the most harmonized and comprehensive privacy solution.”
This is what makes OneTrust a leader in the market, according to Ovum. OneTrust offers solutions to scale with a company, with products designed for small- to medium-sized business focused on local jurisdictional laws up to enterprises managing hundreds of privacy regulations across the globe.
Recommended Read: Easy Data Portability Comes to Town With Google’s Data Transfer Project