Privacy and compliance startup OneTrust doubles up

It seems like only yesterday when we wrote about OneTrust the Atlanta-based privacy and compliance management startup that had just landed a remarkable $200 million in series A funding from Insight Partners and acquired official unicorn status. Actually, it was seven months ago, and, as it turns out, that was just the opening salvo.

The company recently announced a $210 million series B round led by Coatue and Insight partners, bringing its total raised to $410 million and doubling its valuation to $2.7 billion.

A glance at the growth figures shows why. Seven months ago, the four-year-old company had a team of 1,000 employees and more than 3,000 customers in over 100 countries.Today, it has more than 1,500 employees and 5,000 customers.Nearly half the Fortune 500 companies now use its product suite, including brands like Aetna, Randstad, Steelcase, Vevo, Oracle, Marketo, Akamai, Criteo, 21st Century Fox, Adobe, Tealium, Okta, Salesforce, and Kickstarter.

Said CEO Kabir Barday:

We’ve clearly experienced substantial growth and it's really been fueled by all the activity and what you see happening in the market, the CCPA, GDPR, ISO27001 and hundreds of the world's privacy and security law and the many other regulatory frameworks that are developing around the globe. Everyone is putting more and more scrutiny on all companies and all businesses in all industries of all sizes on, what are you doing with our data and how are you building better governance and control and protection around it.

The company won’t talk about 2019 revenues but the Atlanta Business Chronicle previously reported that OneTrust had seen a staggering 22,000 percent revenue growth from 2016 to 2018, making it the fastest growing company in the Atlanta area.

Barday, a former developer at BlackRock and previously director of product management at VMWare, anticipated the nearly $51.5 billion compliance management market’s growth in 2016 when he founded OneTrust with cochair Alan Dabbiere, a cofounder of Manhattan Associates and AirWatch. (Barday was an early employee at AirWatch, which raised $200 million in 2013 before it was acquired by VMware for $1.5 billion.)

What does one trust do?

OneTrust has also expanded its platform since we last wrote about them.The company now offers technology and services covering a comprehensive list of the aspects of data protection and privacy management and trust.

Privacy Program Management - It helps companies stay compliant with privacy and security laws like ePrivacy (the Cookie Law), GDPR, CCPA, and others by providing a centralized platform to track data and automate privacy processes.It streamlines the intake and fulfillment of consumer and subject rights requests and allows customers to benchmark against their peers, map and inventory records of processing, and generate custom reports as data flows through their organization.

Consent and Preference Software - It helps organizations track the full lifecycle of their personal data flows, analyzes them against global regulations to understand risks, communicates directly with customers, employees, and vendors to capture consent, handles privacy-related requests, and responds appropriately in the event of an incident.

Vendor Management - It also handles third-party risk management for any vendors a company may work with. These features are all provided either as a cloud-based software as a service, or an on-premises solution, depending on the customer in question. It assesses IT and non-IT vendors, direct suppliers, services, legal organizations, franchisees and retailers, agents, and contractors with risk mitigation workflows and ongoing monitoring.

Regulatory Research Software - OneTrust says its DataGuidance database--updated daily by over 50 in-house privacy and security researchers and a network of 500 lawyers across 300 jurisdictions--is the world's most in-depth data set of privacy and security regulations.Admins can search across over 10,000 associated templates, guidance case law, and resources.

Integrated Risk Management Software – The company’s Governance, Risk and Compliance (GRC) is a suite of integrated risk management products to identify, measure, mitigate and monitor risk across operations.

Ethics & Compliance Software – Provides a central platform to automate ethics and compliance program requirements.

If you’re wondering what the company plans to do with all that money, Barday says OneTrust plans to use the combined funding to continue to invest in meeting the widespread demand for its technology platform and scaling its services, support, and partner ecosystem globally and adding new capabilities to the platform through both organic and inorganic innovation.

My take

OneTrust appears to be one of those startups that is in the right place with the right product and right people at the right time. From launch to number one most widely used privacy, security and trust technology platform in only four years is a huge accomplishment. We love unicorn stories where the money comes looking for the company instead of the other way around because it suggests to us that the firm's vision and purpose is in the customer concern wheelhouse.