OneTrust privacy management to cure your compliance blues?

By Jerry Bowles, July 16, 2019
Summary:
Staying out of hot water in the brave new world of data security regulations with OneTrust compliance

The rapid proliferation of a complex set of global privacy and security laws, most notably the European GDPR, the California Consumer Privacy Act, ISO27001, and hundreds more regulations already in effect and/or in the works, has touched off a frantic search by large enterprises for software providers to help them get, and stay, compliant with myriad privacy and global security laws.

Kabir Barday, CEO and Founder of Atlanta-based privacy management startup OneTrust, explained:

Jurisdictions across the globe are creating new requirements for data protection. Companies need to leverage a comprehensive, mature compliance solution that integrates with existing security, IT and marketing investments and is designed to adapt and scale to the fast-shifting compliance landscape.

Barday would know. Last week, OneTrust closed a remarkable Series A round of $200 million led by growth equity firm Insight Partners. The three-year-old company, fresh from being named the fastest-growing company in Metro Atlanta, is now officially a unicorn, valued at $1.3 billion following the investment.

The growth stats suggest that OneTrust has quickly become the leading player in what is essentially a new tech industry segment. Since it was launched in 2016, the company has scaled to a team of 1,000 employees and more than 3,000 customers in over 100 countries. The company is co-headquartered in Atlanta and London and has additional offices in Bangalore, San Francisco, Melbourne, New York, Munich, and Hong Kong.

OneTrust says its DataGuidance database - updated daily by over 40 in-house privacy and security researchers and a network of 500 lawyers across 300 jurisdictions - is the world's most in-depth data set of privacy and security regulations.

In explaining the high valuation, Richard Wells, Managing Director at Insight Partners, said:

OneTrust has truly established themselves as leaders in this space in a very short time frame, and are quickly becoming for privacy professionals what Salesforce became for salespeople. They offer such a vast range of modules and tools to help customers keep their businesses compliant with varying regulatory laws, and the tailwinds around GDPR and the upcoming CCPA make this an opportune time for growth. Their leadership team is unparalleled in their ambition and has proven their ability to convert those ambitions into reality.

It is probably just a coincidence that the announcement came the same week that the U.K.'s Information Commissioner announced that it has fined British Airways a gobsmacking £183.39 million ($230 million) for a data breach that took place last year, while Marriott International copped a fine of over £99 million ($124 million) following a breach of its systems that led to the exposure of approximately 339 million guest records dating back to 2014. Both fines are proposed and likely subject to appeal.

It is clear that GDPR and the California Consumer Privacy Act, which goes into effect on January 1, 2020, have provided both real urgency and legal bite to the ongoing evolution in online privacy and data protection.

How does OneTrust work?

OneTrust offers technology and services covering three different aspects of data protection and privacy management.

  1. It helps companies stay compliant with privacy and security laws like ePrivacy (the Cookie Law), GDPR, CCPA, and others by providing a centralized platform to track data and automate privacy processes.
  2. It helps organizations track the full lifecycle of their personal data flows, analyzes them against global regulations to understand risks, communicates directly with customers, employees, and vendors to capture consent, handles privacy-related requests, and responds appropriately in the event of an incident.
  3. It also handles third-party risk management for any vendors a company may work with. These features are all provided either as a cloud-based software as a service, or an on-premises solution, depending on the customer in question.

Among its current customers are Oracle, 21st Century Fox, Kickstarter, Allianz, and Marriott.

My take

The backstory of how OneTrust came together so quickly is a great example of how having the right people in the right place with the right solution at the right time is the key to rapid success.

Founder Kabir Barday, a Georgia Tech graduate and privacy specialist, was Director of Product Management at AirWatch, the mobile device management company acquired by VMware in 2014 for $1.5 billion. Serial entrepreneur Alan Dabbiere, who is the co-chairman of OneTrust, had been the chairman of AirWatch. AirWatch's CEO and founder, John Marshall, is OneTrust's other co-chairman. They were both impressed with Barday's management skills and his grasp of how data privacy compliance was about to become a huge new market. When Barday unveiled his plans for OneTrust, they rushed to invest and participate.

The timing seems perfect. After years of being left blissfully alone, the era of Big Tech regulation is just beginning. OneTrust has obvious growth potential by expanding its customer base and adding new services. A number of competitors have sprung up but the company is off to a fast start by providing valuable tools to organizations now to help them stay out of trouble in the brave new regulatory world.

If I were a betting man…