Discover the impact of the Tennessee Information Protection Act (TIPA), passed on April 21, 2023, as it reshapes the US privacy landscape with new requirements for businesses, including risk assessments, data minimization, and opt-in consent for processing sensitive information, effective July 1, 2025.
Automation is key to freeing up valuable time and resources that can then be dedicated to other areas of your compliance program.
Governing and de-risking your organization’s data should be top priority
Finding and classifying data is just the first step in your discovery and security process
Automating data discovery is the first step in classifying obsolete digital information
Look back on five years of the EU’s General Data Protection Regulation with expert views infographics, eBooks, and more
Read more to answer frequently asked questions around first-party data and how your organization can take advantage of it
Data governance is needed for organizations to meet compliance requirements
Unused digital information is an easy target for hackers, increasing your organization’s risk
With the latest statement from the White House on responsible AI, it’s clear AI is firmly in the spotlight. Find out how your organization can establish a foundation to address AI risks.
Google announced their latest requirements around consent management platforms for organizations that utilize their network for ads
Learn how to integrate AI governance into your product strategies to achieve responsible AI use
Enhancements to our Trust Intelligence Platform help organizations unlock the value of trust
Is your compliance program ready to do the right thing and step up and own up to misconduct?
Tooling can create benefits for the organization while staying compliant with regulations
Learn how a "policy on policies" can help create a framework for effective ethics policy governance and risk management.
Learn how privacy professionals can guide their organizations towards responsible AI adoption by developing a comprehensive AI strategy that integrates privacy considerations, fostering a privacy-focused culture around AI decision-making, and navigating the risks of AI.
How do you alleviate audit fatigue in your InfoSec team? Here are 5 practical remedies to reduce the stress and workload of frequent security audits
Establish data retention and minimization policies to reduce your organization’s attack surface
The NIST AI Risk Management Framework can help your organization to manage the risks associated with AI. Read the blog to learn how.
Learn how OneTrust Data Discovery uses AI, machine learning, and privacy by design to ensure responsible and compliant data governance.
The Indiana Consumer Data Protection Act will be set to take effect in 2026.
What is InfoSec compliance? Learn why compliance is essential for your organization and how it safeguards against cyberthreats.
Privacy has evolved beyond compliance. See what Forrester analyst Enza Iannopollo had to say about making privacy and trust a strategic imperative
Learn about the EU Sustainable Finance Disclosure Regulation (SFDR), what it means for ESG investments, and how companies can comply.
Discover the impact of the Tennessee Information Protection Act (TIPA), passed on April 21, 2023, as it reshapes the US privacy landscape with new requirements for businesses, including risk assessments, data minimization, and opt-in consent for processing sensitive information, effective July 1, 2025.
Learn how your organization can prepare for new regulations around carbon emissions in imported goods
The bill is now on track to be the next state to sign a comprehensive state privacy bill into law
Tealium IQ launched Consent Integrations for their tag management system, enabling seamless privacy-first marketing campaigns
Take control of your organization’s data protection program by following these three priorities. The second priority – take action.
How Canadian companies should respond to the new Consumer Privacy Protection Act (Bill C-27).
Vietnam has finally published its Personal Data Protection Decree (PDPD). We cover its key points and how business can prepare for compliance.
Today, we’re excited to announce the partnership between Dow Jones Risk & Compliance and OneTrust Third-Party Due Diligence.
We explore the issue of data sprawl and how data classification automation tools can help mitigate it.
See how OneTrust leaders build trust by focusing on people, product, and process.
The My Health My Data Act, also known as House Bill 1155, provides stronger privacy protections for consumers in relation to their personal health data.
Data transfers to the US via a tracking pixel tool by a prominent global technology company were found to be in violation of the GDPR by the Austrian DSB.
OneTrust Consent and Preferences integrates with Adobe Experience Platform so businesses can provide personalized experiences and comply with regulations.
OneTrust's data discovery capabilities make it easier for businesses to understand and use data responsibly by connecting and classifying existing data.
Governor Reynolds of Iowa signed SF262, An Act Relating To Consumer Data Protection offering a more business-friendly approach to privacy.
Businesses are dealing with unprecedented amounts of digital information that needs to be monitored, managed, and secured.
Retailers can build trust with customers by complying with data privacy regulations and providing a transparent consent and preference management process.
Learn how consent management is essential to build trust and delivering personalized customer experiences by collecting and using data responsibly.
Businesses need a comprehensive third-party management strategy covering all aspects of their relationships with third parties, such as security, privacy, ethics, and ESG.
The UK Data Protection and Digital Information Bill aims to reduce the administrative burden on businesses, promote international trade and reduce consent notices.
ESG governance is becoming increasingly important as companies face pressure from stakeholders to address environmental, social, and governance issues.
Sharing information and resources across organizational silos is mutually beneficial for teams with the common goal of mitigating data privacy risk.
Our GRC experts discuss how privacy and security compliance are evolving to meet modern market demands and ushering in a whole new era of automation.
The Standard Contractual Clauses (SCC) and their measures set additional rules for transferring personal information data from the People's Republic of China.
Security frameworks are roadmaps for developing and implementing effective security programs that protect organizations from threats and vulnerabilities.
Learn five top functional categories GRC professionals and leaders identify as priorities for creating a mature and meaningful automation strategy.
Learn how to build, measure, and grow your speak-up program to foster trust, shared responsibility, and the highest standards of ethical conduct.
Learn more about the ICO's "Privacy in the product design lifecycle" guidance and how you can implement Privacy by Design (PbD) in your organization.
Cybersecurity, third-party risk, and other policies fall under the GRC domain. Here are the top 10 emerging drivers and trends shaping security compliance.
IAB Tech Lab, the digital advertising technical standards-setting body, recently announced the launch of its Global Privacy Platform (GPP).
DPOs must have visibility into what teams are doing and work closely with the CISO to help direct organizational processes toward data protection and security.
In 2023, we are focused on continuing to innovate across this platform, focusing on the core areas of privacy, security, ethics, compliance, and ESG.
Learn how effective policy management drives employee engagement and strengthens your company speak-up culture.
OneTrust Certification Automation facilitates the compliance and audit process to help you achieve security certifications in half the time.
The partnership with Supply Wisdom brings compliance, financial, location-based ESG, and cyber risk data to Exchange customers and their third parties.
Creating a strong, healthy speak-up culture requires you to empower all participants, including third parties, to raise issues related to ethics and compliance.
This standard looks to define clear rules for organizations around how consumers’ personal information is processed and how consumer privacy is addressed throughout the product lifecycle
With two objectives of the EU Taxonomy in effect, make sure your organization is on top of compliance with new ESG reporting requirements.
The California Attorney General declared an investigative sweep of mobile apps that don't comply with certain CCPA opt-out and consumer request provisions.
Five new US state privacy laws mean five new sets of opt-out requirements. Learn how to make sure your organization maintains compliance in 2023.
As norms and standards continue to evolve, you should be prepared to respond with your own ESG reporting strategy and management.
The latest version of the draft Colorado Privacy Act regulations is based on the outcome of the public consultation held between October 2022 and January 2023.
Data Privacy Day 2023 is a great chance to raise awareness of privacy and data protection issues from around the world and your organization.
This guide provides everything your business needs to know about the upcoming EU ESG regulation - the Corporate Sustainability Reporting Directive (CSRD).
Healthy disclosure rates are an indicator of a strong speak-up culture. Discover how to improve disclosure participation and engagement.
OneTrust has developed an Android SDK scanner to comply with Google Play Data safety while supporting the new UK app Code of Practice.
After violating the GDPR, the Belgian DPA approved an action plan to bring the processing of personal data within the IAB TCF into compliance with the GDPR.
Continuous improvement is a method of operationalizing improvement to processes, products, or other aspects of a business through a cycle of repeatable steps.
The Third-Party Risk Exchange allows businesses to learn more about each other's security posture, offer SIG Lite assessments on-demand, and more.
We partnered with the Data & Marketing Association (DMA) (UK) to research how marketers manage their data and the value they realize using CMP systems.
OneTrust CEO Kabir Barday recently participated in a panel discussion with Deloitte at CES, discussing how to build digital trust to drive business performance.
CPRA’s health information exemption is not a blanket entity exemption, meaning HIPAA-compliant organizations may still need to consider its requirements.
Stay up to date with the latest news in US state privacy law, with bill highlights, legislation status, and resources to help your organization stay compliant.
EFRAG has released first draft European sustainability reporting standards as part of the EU Corporate Sustainability Reporting Directive.
Everyone wins when you shine a light on your ethics and compliance helpline and build a speak-up culture that reflects your organization's values.
Learn how your organization can utilize targeted ads while still being compliant by following these three steps to ensure you prioritize your user's privacy.
From a new focus on ESG to a renewed need for cybersecurity, third-party and vendor risk management solutions have become a priority for organizations.
The CPRA has new consumer rights for California residents and employees, meaning new obligations and rights requests are coming your organization's way.
More data, more costs, more risk. More value? That’s up to how your organization makes use of data retention and minimization principles.
Privacy Impact Assessments, Data Protection Impact Assessments, and Transfer Impact Assessments are vary greatly in terms of what, why, and when.
Due to the Directive, your whistleblower hotline, retaliation policies, and compliance program may require a revamp, even if your employees are not in the EU.
The European Parliament and Council adopted the CSRD to make businesses more publicly accountable for their societal and environmental impacts.
The California Privacy Rights Act (CPRA) follows up the CCPA with new and expanded rights, retaining the toll-free number requirement.
If your team receive cuts, follow these recommendations to prioritize resources for critical activities, do more with less, and continue to achieve key outcomes.
As global organizations begin to adopt key ESG principles, it's critical to pivot your business strategy to address sustainability.
Our guide will help you better understand the five state privacy laws and how they will define the US privacy landscape in lieu of a federal privacy framework.
A well-designed compliance program should apply risk-based due diligence and have a process for the full lifecycle of third-party risk management
Learn three key takeaways from COP27, which includes reinforcing the growing demand for true and accurate reporting on climate risks for investors.
Trending Toward Trust is the new 2023 report from OneTrust, highlighting some of the most significant trends that will shape trust in organizations.
To help organizations take a holistic approach to the third-party contracting and risk management process, OneTrust has partnered with Ironclad.
The California legislature amended the CCPA , recognizing the conflict between the CCPA and sectoral frameworks such as the Gramm-Leach-Bliley Act.
At COP27, the UK announced The Transition Plan Taskforce Disclosure Framework aiming to strengthen reporting requirements for companies in the UK.
Sapin III will soon expand the French commitment to detect and punish corruption – how will you and your compliance team need to adapt?
Understand what your company needs to achieve SOC 2 compliance and protect customer data. Read more about the seven myths about SOC 2 compliance.
CPOs track risk via data mapping, in which data is discovered, assessed, and tracked as it flows throughout the organization, including to third parties.
An effective COI program will identify and mitigate these organizational risks through effective employee engagement, analysis, and periodic review.
The US proposes a climate risk rule requiring major suppliers to disclose greenhouse gas emissions and set science-based emissions reduction targets.
The annual COP is the largest and most important climate action event of the year and is a critical step in prioritizing collective efforts to fight climate change.
Ransomware attacks are costly to a company's bottom line and reputation, but having greater knowledge of your dataset can reduce the impact of an attack.
SOC 2 is a voluntary compliance standard for managing customer data while outlining the minimum requirements to maintain your customers' security.
After this year's DOJ updates, corporate compliance officers must update their executive teams and boards of directors on the new approach to enforcement.
PIPEDA is a Canadian federal privacy law that aims to regulate the use of personal information in commercial activity by private-sector organizations.
Since its passing, the CCPA and its accompanying regulations have undergone several modifications. Here's your guide to understanding them better.
The founder of Fractional CISO, Rob Black, identified nine key considerations to guide the vendor evaluation process and reach your SOC 2 compliance goals.
We are partnering with RiskRecon, a Mastercard Company to make cybersecurity ratings available out-of-the-box to all Third-Party Risk Exchange customers.
In this blog, we’ll go over questions around the GLBA, NIST, GPC, and PIAs in California and HIPAA and explain how your organization can comply.
On January 1, 2023, the California Privacy Rights Act (CPRA) will expand and amend several aspects of the CCPA, including consumer rights.
CCPA consumer rights such as the right to opt out of the sale of personal information, have resulted in critical challenges. Learn how OneTrust helps.
Collecting, managing, and activating first-party data will enhance customer experience by providing customers with the right experience at the right time.
Security teams can help create and champion organizational trust despite interdepartmental silos
The International Organization for Standardization (ISO) released its first framework, the 27001, that outlined a cybersecurity foundation for businesses.
The cybersecurity awareness hub pulls resources from our experts on the Security CoE, GRC, Privacy, DataGuidance, and TPRM teams to a central resource.
Prepare for ISO 27001 certification with a scope statement that defines your company’s information security management system.
In 2021, there was a 62% global attack spike in ransomware (158% increase in North America), and an increased focus on attacks by regulatory bodies.
The Cybersecurity and Infrastructure Security Agency’s (CISA) created cybersecurity awareness month with the intent to educate and promote online safety.
Learn about the pivotal EU law, GDPR, that could affect how your company approaches customer data protection and privacy US-based company.
As the technological landscape continues to evolve, teams are seeing increases in compliance obligations, regulations, and the proliferation of cloud technology.
With the season of holiday parties and corporate gifting around the corner, autumn and winter are jam-packed with potential conflicts of interest.
As the privacy world readies itself for a new data privacy framework between the US and the EU, let's look at what it means for organizations moving forward.
The changes to our new OneTrust logo and brand identity represent the next era of our company as the market-defining leader in Trust Intelligence.
OneTrust and Microsoft are partnering to expand the options available to Chief Data Officers (CDOs) to address this challenge of visibility and governance.
Giving a compliance presentation to the board of directors can be a nerve-wracking experience, but these ten guidelines will set you up for success.
An organization's ability to demonstrate its ESG credentials transparently has become a vital business differentiator and a critical part of trust conversations.
To become a trust-based business, protect your brand's reputation, and ensure compliance, you'll need to vet and monitor your third-party relationships.
Not all SOC 2 components can be automated, but those that can save your business time and money. Learn more about what can be automated for SOC 2.
When addressing climate change impact across the enterprise, it's important to consider not only your internal impact, but external influences.
According to the DOJ’s guidance, it’s necessary to prioritize due diligence, questionnaires, and contracting with the third parties that present highest risk.
Systems and Organization Controls 2 is an attestation that evaluates your company’s ability to securely manage the data you collect from your customers.
Learn how HIPAA and HITRUST frameworks compare, which is required for your information security compliance and protection of patient health information.
OneTrust simplifies third-party management by enabling control and visibility throughout the entire third-party lifecycle while you manage third parties.
Companies are choosing to adopt a trusted security framework, and ISO 27001, as a globally recognized certification, is the framework of choice for many.
As more customers are concerned with data protection, a security-focused sales process can help win more deals.
HIPAA and GDPR are leading frameworks that protect the privacy of individuals. Learn the difference between the two.
In a OneTrust-hosted webinar, we discussed the common pitfalls of policy management for InfoSec teams with the Director of Information Security at Arcadia.
Get the latest information about updated consumer rights, expanded employee rights, and privacy risk assessments, and learn to operationalize them.
California's new law, AB 2273, known as the California Age-Appropriate Design Code Act (CAADCA), protects minors and their data on the Internet.
Learn the key points of ISO 27001 Annex A controls and how they affect the overall audit process for your organization.
Your Statement of Applicability for ISO 27001, otherwise known as your SoA, is a mandatory step for anyone planning on pursuing ISO 27001 certification.
A defined change management process enables your organization to mitigate risk and reduce disruption.
Centralized information management system SyncMonkey took a proactive approach to security by investing in certification automation
ISO 27001 and NIST CSF are two cybersecurity guidelines with significant overlap. Learn how they work together to increase information security
The CPRA will extend new rights for employees which will present a unique set of challenges for organizations. Read the blog to learn more.
In this blog, we’ll discuss the three stages of building your InfoSec program in more understandable terms, so you can get started getting more secure.
Effectively Measuring compliance can prevent reputational damage, protect the bottom line, and potentially avoid costly fines and enforcement action.
The GHG Protocol Corporate Standard defines three types of GHG emissions - Scope 1 (direct emissions) and Scope 2 and Scope 3 (indirect emissions).
ESG programs can be challenging to build and manage as they cross organizational boundaries and have multiple internal and external stakeholders.
New regulations around the world are focused on human rights, environmental risks, and labor rights, creating a new set of obligations for companies.
Organizations must be able to justify and maintain meticulous records of how and why they’re using data downstream from the point of collection.
A company’s Corporate Carbon Footprint (CCF), is the total amount of GHG emissions that are directly or indirectly caused by a company’s activities.
The Global Privacy Control (GPC) empowers users to signal their chosen privacy settings to websites and services through their browser.
Let’s explore building your own data governance framework, including the benefits and questions to ask yourself and your team when undergoing the process.
Data governance tools can help you enhance the privacy, security, and integrity of your data while adding value to your business.
OneTrust is a team of people who are collectively passionate about innovation and technology while supporting career development and growth.
On August 9, 2022, Max Schrems’ noyb lodged 226 GDPR-related complaints with 18 authorities against websites for cookie banner compliance.
Privately-owned companies in the U.S. and Europe are potential targets for the Sarbanes-Oxley Act (SOX) and EU Directive retaliation lawsuits.
On July 27, 2022, Google announced that they are postponing the deprecation of third-party cookies on Google Chrome to 2024. Here's what to know.
The ADPPA is emerging to have the strongest chance of success after being passed after the House Energy and Commerce Committee voted 53-2 in its favor.
A successful policy management program will help you establish governance, achieve compliance, and reduce business risk.
The ISO 37002 is a framework for setting up and maintaining a whistleblowing hotline that adheres to the highest standards as outlined by the ISO.
This ESG 101 blog takes a closer look at the Social in ESG: what it is, why social impact is important, and how to map it to Sustainable Development Goals.
The CPPA announced on July 8, 2022, that it is beginning the process to adopt regulations to implement the Consumer Privacy Rights Act of 2020 (CPRA).
We will look at the top six best data governance practices to ensure your organization's program delivers and is efficient and effective.
After blowing the whistle on South Africa's LeisureNet, Wendy Addison lost her job, survived poverty, and spent decades rebuilding her life and career.
It’s essential that your organization's whistleblowing processes account for the requirements of both GDPR and the EU Whistleblower Directive.
GRC tools eliminate the worry of managing regulatory requirements and provide actionable insights to improve your GRC approach, aligning key risk initiatives.
There are 7 key elements that you can use to evaluate potential vendors or measure your current hotline provider to comply with EU Whistleblower Directive.
As a result of OTT/CTV’s precise targeting capabilities and addressability, advertisers can tap into significant opportunities through this particular advertising medium.
Marketers are data-driven and need to capture and process data through different systems, including Salesforce Marketing Cloud and Sales Cloud.
The Science Based Targets initiative is a coalition that promotes SBTs to facilitate and strengthen business participation in the shift to a net-zero economy.
June 23 marks World Whistleblower Day, highlighting whistleblowers' importance in fighting corruption along with ways to support these brave individuals.
Your company likely has an anti-retaliation policy, but is it enough to meet the new requirements within the EU Whistleblower Protection Directive?
Our team of regulatory experts monitors the global privacy landscape to interpret what current trends and milestones mean for maturing privacy programs.
Thinking like a marketer will help push users to enact certain behaviors and drive engagement to your Code of Conduct and improve compliance.
The information gathered from security questionnaires is critical in the evaluation of business and security practices, and is crucial for compliance.
This ESG blog series defines ESG and sustainability: what are ESG topics, why are they important, and how to map the three pillars of a sustainable business.
Due to the downturn in the capital markets, OneTrust reduced its workforce by 25% in June 2022, laying off 950 employees worldwide.
As you prepare for what’s ahead, OneTrust’s team of experts has rounded up the most significant considerations for your privacy strategy in 2023 and beyond.
Avoid the pitfalls of a manual GT&E policy and disclosure management process, going on the offensive with OneTrust's fully integrated platform.
Read our blog to learn about the differences between Google Data Safety and Apple Nutrition Labels requirements and why it matters.
To congratulate Lisa on winning 2022 Tech Trailblazer, we sat down to discuss her journey to becoming a "Tech Trailblazer" and why building trust is essential.
On June 3, 2022, a draft of a comprehensive federal privacy bill, known as the American Data Privacy and Protection Act (ADPPA) was released.
Learn how to set up a consent governance strategy across your organization to achieve privacy-centric data capture, distribution, and activation.
Let's go through four steps you can take to set up your data governance program effectively by leveraging the right tools and technologies.
IFRS releases more details on integration of VRF as part of consolidating Environmental, Social, and Governance (ESG) disclosure standards.
The introduction of the GDPR marked a new age in data protection legislation, opening the door to a growing global regulatory landscape.
The TrustWeek 2022 Award Winners have been announced! The OneTrust team came together to recognize our bright and talented customers.
Take a closer look at The Trust Intelligence Clouds, dedicated to solving today’s critical business challenges around trust and transparency
OneTrust is excited to unveil the Privacy and Data Governance Cloud, empowering organizations to go beyond compliance and enable trusted data use.
The OneTrust ESG and Sustainability Cloud empowers you to drive change, demonstrate impact, and foster trust through enhanced transparency.
The OneTrust Ethics and Compliance Cloud enables ethics, compliance, HR, and legal teams to unite people, process, and technology.
OneTrust launches holistic GRC and Third-Party Management solutions for proactive cybersecurity and compliance practices.
The Trust Intelligence Platform delivers visibility across trust domains, action based on AI and regulatory intelligence, and automation to build trust by design.
Food delivery, convenience stores, and healthcare, to live entertainment - learn how customers are making trust the center of their business.
OneTrust launched the world's first Trust Intelligence Platform to empower companies and organizations on their trust transformation.
May 2022 cybersecurity regulation updates have brought four key legislations across US and EU regulatory bodies to our attention. Learn more.
A dedicated whistleblower hotline is a vital tool for increasing organizational trust and strengthening your speak-up culture.
Now with OneTrust's integration of Google Consent Mode, OneTrust facilitates important implementation steps for easier setup.
OneTrust is expanding its partnership with SecurityScorecard to enable Third-Party Risk Exchange customers to view complementary Cybersecurity Ratings.
The EU Data Governance Act aims to increase trust in data sharing, data intermediation services, and encourage data altruism in the EU.
Samsung Ads, the advertising division of Samsung Electronics, has tapped OneTrust Consent and Preferences across Samsung TV Plus in Europe.
Find out how to prioritize employee mental health as part of your ESG program to build trust with employees and other stakeholders.
The ultimate guide to Thai PDPA compliance highlights key requirements for organizations processing personal data in Thailand.
Compare three major ESG reporting frameworks and sustainability reporting standards side-by-side: CDP vs. SASB vs. GRI.
Learn how to replace outdated, lengthy, static PDF compliance documents with an Interactive Code of Conduct employees will actually read.
Avoid analysis overload with focused risk and performance indicators
With the deprecation of third-party cookies in 2023, marketers and advertisers are examining what's next for their first-party data strategies.
Connecticut is the 5th state in the US to pass a comprehensive privacy law, the Connecticut Data Privacy Act, or, CTDPA.
On July 20, 2022, all developers on the Google Play store will need to declare how they collect and handle user data for apps they publish on the platform.
Global Reporting Initiative 101: A practical guide to GRI reporting, what it is, how the GRI Standards work, who uses it, and more.
Businesses have a semi-structured data model, made up of two types of data: unstructured data and structured data, exposing them to the risk of data loss.
The Digital Services Act (DSA) aims to legislate against the spread of illegal content and protect the fundamental rights of EU citizens.
The Dubai Financial Services Authority (DFSA) announced and implemented a new regulatory regime to protect whistleblowers.
With data privacy regulations popping up more frequently than ever, the Global Cross-Border Privacy Rules (CBPR) Forum was just launched.
Download a simple conflict of interest disclosure template and learn how to effectively manage COIs with OneTrust.
Follow OneTrust's eight security questionnaire best practices to prioritize holistic data gathering across your vendor ecosystem.
Privacy program automation reduces manual, time-consuming, and often disjointed compliance and governance processes. Read on to learn more.
Learn about all things Sustainability Accounting Standards Board: the SASB materiality map, SASB standards, why financial materiality matters, and more.
With the amount of data and metadata aggregated and collected by companies growing by the day, make sure that it's managed effectively.
Find out what the CDP (Carbon Disclosure Project) reporting framework is, how it works, who uses it and the benefits of a CDP report.
In this blog, we outline five best practices to help organizations build and manage a security questionnaire answer and document library.
TCFD ESG disclosure requirements: Canada and the U.K. join a growing list of countries adopting TCFD reporting mandates.
To manage your data effectively, you need a data governance solution that protects the privacy of the data and adds value to your business.
Develop an ethics and compliance training program that meets legal requirements and engages your employees, while covering all the essentials.
Are you managing conflict of interest disclosures or COI effectively? Learn how to improve disclosure management and minimize risk with OneTrust.
Leveraging a CMP that loads server-side positively impacts website performance, provides a user-friendly experience, and helps you stay compliant.
Responding to security questionnaires is time-consuming. Follow our security questionnaire guide to save time on your next questionnaire.
A zero-day Java vulnerability, "Spring4Shell" surfaced and experts believe it could be as impactful as 2021's Log4j. Read to learn more.
The proposed IFRS sustainability disclosure standards bring us closer to a globally consistent, common set of ESG disclosure standards.
The Amendment Act, including data breach reporting and stricter data transfers, was approved to the current Act on the Protection of Personal Information.
Unpack the strategic value of a speak-up culture, how to improve it, and how it can become your early warning system for challenges.
As a growing number of regulators call for tighter data localization requirements, keeping up with data localization laws can be a challenge.
Without visibility and oversight across the third-party landscape, risk to your business will become untenable.
Preference management empowers consumers to take control of their relationship with a brand, providing users with more power to control their privacy.
EU and US negotiators have been working towards a solution for EU-US data flows since the invalidation of the EU-US Privacy Shield.
Identify areas for improvement and spaces to celebrate successful culture building through quantitative and qualitative measurements.
On March 24, 2022, the UCPA was signed into law by Governor Spencer Cox, becoming the latest addition to comprehensive state privacy laws in the US.
The ICO International Data Transfer Agreement and Addendum to EU SCCs took effect on March 21, 2022. Read the blog to learn more.
Carbon offsets: Learn more about offsets, how they work, how they can help companies go climate neutral, and how they help protect forests.
The proposed SEC ESG disclosures rule would require public companies to disclose GHG emissions and other climate change risks.
The right ESG software tools can help organizations manage environmental, social, and governance expectations more efficiently and intelligently.
Increase the number of reports you receive and build a stronger Speak-Up Culture by implementing these strategies and practical initiatives.
TrustWeek 2022 brings together thought leaders across Privacy and Data Governance, GRC and Security Assurance, Ethics, and ESG & Sustainability.
The German Supply Chain Due Diligence Act is designed to enhance risk management throughout the third-party supply chain.
What is organizational trust, why does it matter, and how do you measure it? Learn more about an ethics-driven approach to trust.
On March 4, 2022, the EDPB announced that it had adopted its final guidelines on codes of conduct for data transfers under the GDPR.
Every day and every interaction becomes another opportunity to showcase your company's commitment to honesty, integrity, and justice.
OneTrust has been named a Customers' Choice in the 2022 Gartner Peer Insights ‘Voice of the Customer': IT Vendor Risk Management Tools.
Digital transformation makes cybersecurity critical to protect the organization, maintain resilience, and compete in today's digital business environment.
Introducing QRA cell detection – a powerful QRA enhancement that eases the spreadsheet-based questionnaire response process for vendors.
Small businesses need to develop GDPR privacy programs to protect personal data, build consumer trust, and avoid penalties for non-compliance.
President Joe Biden issued an Executive Order on the new EU-US DPF, allowing for the enhanced protection of transferred personal information.
OneTrust has been named a Leader in The Forrester New WaveTM: Sustainability Management Software, Q1 2022, by Forrester Research, Inc.
On February 23, 2022, the European Commission proposed a regulation on the use and access of data stemming from the EU (EU Data Act).
Audit, measure, and report on your portfolio companies' Environmental, Social, and Governance metrics with OneTrust ESG Investor Portfolio Management.
EU-US data transfers continue to cause organizations problems following the Schrems II decision. Is Bring Your Own Key the solution?
A Chief Trust Officer (CTrO) helps the business fulfill its promises to customers and stakeholders on security, privacy, data, ethics, and ESG.
Understand why publishing corporate ESG reports is vital to customers, employees, and investors who want to know what your impact is in this area.
The EDPB launched its first coordinated enforcement action on the use of cloud services in the public sector across the EU.
Third-party risk management is key to any business. Learn how to master the TPRM lifecycle across your organization in our newest video blog!
Brazil's General Personal Data Protection Law (LGPD) entered into force on September 18, 2020. Read the blog to learn more about LGPD compliance.
Using Audience Logic functionality with consent management, tailors unique digital experiences based on persona, demographics, or channels.
Join us for TrustWeek 2022, OneTrust's fifth annual user conference—with live, in-person global events and a robust virtual experience.
What is CISO trust? As companies face more risk vectors than ever before, establishing trust is critical for the CISO. Read to learn more.
Data transparency creates trust, and that trust leads to customer loyalty—a winning strategy for building lasting relationships with buyers.
Accurately classifying data gives your organization a clearer picture of the regulatory requirements attached to it. Get Started with OneTrust Data Discovery.
Gordy Wyatt, OneTrust's North America Channel Director, has been named a 2022 CRN Channel Chief. Learn more about OneTrust's partner program.
Make the business case for TPRM in your organization and get access to our TPRM buy-in guide to learn how! Read the blog to learn more.
Oracle and OneTrust are teaming up to provide strategic guidance for building a powerful and modern marketing strategy in 2022.
We recently discussed the benefits of an automated data map. In this article, we answer the most popular questions from the audience.
January 28 is Data Privacy Day, the international day to empower people and businesses to respect privacy and build trust.
This video walks through the steps your organization can take to enhance your DSAR process with automation, including redaction.
Third-Party Trust Management (TPTM) is the next evolution of third-party risk and is key enterprise trust strategy. Learn more in our blog!
In this article, we answer your most frequently asked iOS app account deletion requirement questions. Learn more about the impacts.
How can privacy teams keep tabs on operational goals while juggling strategic planning? By effectively utilizing the resources available.
By operationalizing data retention, organizations can take another step towards securing consumer trust and demonstrating compliance.
The Austrian DPA issued a decision in the analytics provider case finding that an EU website operator had violated Article 44 of the GDPR.
Learn how to capture and manage zero and first-party data using OneTrust Consent & Preference Management as we approach the end of third-party cookies.
Implementing a CMP that uses a balanced global CDN system paired with asynchronous loading is crucial to your business.
We're excited to announce that OneTrust has been named a Leader in the KuppingerCole Leadership Compass for Privacy and Consent Management.
Take a look into some of the top reasons why employees might make an access request and how employers can prepare for when they do.
Learn how to drive personalization and nurture brand trust with data transparency, data enrichment, and ethical data activation.
As 2021 comes to a close, OneTrust highlights the biggest enhancements and milestones of its market-leading consent management platform (CMP).
On October 6, 2021, Apple introduced a new account deletion requirement for App Store submissions starting on January 31, 2022.
Today we are proud to announce our $300 million Series C funding round at a $5.1 billion valuation! Read all about it.
In 2021, TPRM and cybersecurity remained at the forefront of business strategy, so what's next? Learn about 2022 TPRM predictions in our blog!
Learn about the impact of third-party service outages and how to stand up a TPRM-informed business resilience strategy in our latest blog.
The Mobile App Scanning API helps support CI/CD pipeline for developers - a scalable API for uploading, scanning and re-scanning apps.
A new, critical vulnerability that impacts a popular open-source Java logging library, Apache Log4j 2 exists. Read more in our blog.
The European Union passed the first part of its EU taxonomy rulebook on climate-friendly investments, applying on January 1, 2022.
On December 3, the EU announced that it had agreed its general approach to the text of the NIS 2 Directive. Read to learn more!
OneTrust has acquired Planetly, the Climate Action, and Carbon Management company, to help businesses transform to net-zero emissions.
Through the OneTrust CMP Wizard, businesses can use a guided step-by-step interface to scan their website for cookies and trackers.
Protecting personal data is a multi-functional operation. Learn how prioritizing privacy and IT Risk for assets can help your organization on its journey to trust.
By ensuring all organizational data is unified under one system, teams can unilaterally manage data policies with automation.
The CISO plays an important role in establishing trust and keeping workflows across the enterprise secure. Learn more in our blog!
On December 1, 2021, the TTDSG will enter into force implementing new cookie consent requirements in accordance with the ePrivacy Directive.
A new comprehensive personal data protection law was enacted in the UAE on November 29, 2021 as part of a broad federal reform package.
On November, the Belgian DPA issued a press release on its draft decision in the case against IAB Europe relating to its Transparency & Consent Framework.
The UK Information Commissioner's Office (ICO) released its opinion on Data Protection and Privacy Expectations for Online Advertising Proposals.
The CNPD clarifies in the new guidelines some important distinctions about cookies regarding their types, purposes, and uses.
The JPC adopted a draft report on India's Personal Data Protection Bill, 2019 which will now be presented during Parliament's winter session.
With increasing privacy and security regulations, maturing privacy teams are using automation to scale DSAR and incident management efforts.
On November 19, 2021, the EDPB released its draft guidelines on the interplay between Article 3 and Chapter V of the GDPR for data transfers.
Expanding beyond a cookie banner to preference management allows you to turn privacy requirements into a real marketing advantage.
The US Department of Defense updated CMMC strive to simplify and strengthen the security of the defense industrial base. Read to learn more.
Our Cookie Consent Performance series dives into key ways you can maintain website authority, user experience, and compliance. Here's part 1.
Organizations need to mature and scale their data mapping programs with technology that unifies and automates data discovery.
Mozilla Firefox is the latest browser implementing Global Privacy Control (GPC), taking initiative to help users control their privacy.
The Republican Energy and Commerce Committee introduced a comprehensive draft privacy bill establishing standards for data privacy and security in the US.
The IFRS announced the formation of the ISSB and Prototype Climate Disclosure Standards during the COP26 summit in Glasgow.
All eyes are on ESG right now but how can enterprises leverage ESG and sustainability software platforms to meet and track their goals?
OneTrust, the most widely used privacy management platform, has added Microsoft's Privacy Management for Microsoft 365 integration.
As brand sustainability expectations evolve, CSOs must consider vendor risk management (VRM). Learn how to combine ESG and VRM in our blog.
Improve your organization's ESG efforts by leveraging the Enterprise ESG Cycle in your ESG management program. Learn how in our blog.
OneTrust and Snowflake have partnered to enable developers, data engineers, and data scientists to improve data discovery and governance across platforms.
Learn how to manage risk in a time-friendly, cost-effective way with low effort for your vendors with our SIG 2022 shared assessments support.
The Ultimate Guide to CCPA Compliance outlines the key areas of the law that your organization should consider. Read the blog to learn more.
Convercent by OneTrust announced enhanced global Call Center operations, aiming to have calls handled in a reporter's preferred language.
Learn how OneTrust has built a team of leaders dedicated to supporting its employees and community through the Diversity, Equity & Inclusion Council.
On September 21, Bill 64 obtained a majority vote in the National Assembly of Quebec and will become law. Read the blog to learn more.
OneTrust has been named a leader in the Forrester Wave: Governance, Risk, And Compliance Platforms Q3 2021.
OneTrust is acquiring Tugboat Logic security assurance and certification automation platform for ISO 27001 and SOC 2.
OneTrust, the most widely used consent and preference management platform captures over 3 billion consent transactions a week.
In this article, we answer six of our most frequently asked questions centered around one common theme: When is DSAR redaction necessary?
OneTrust was recognized in the 2021 Gartner Magic Quadrant for IT Risk Management for its GRC product. Access the report in our blog.
We all know policies and procedures are important, but they often end up ineffective. Learn how to maximize policies on the OneTrust blog.
Today, OneTrust announced an integration with Box to better support customers wanting to automate privacy, security, and compliance.
The deadline for signing old Standard Contractual Clauses (SCCs) into new contractual agreements is approaching. Are you prepared?
Many of the world's privacy laws contain training obligations but there are several reasons that you need awareness training. Read the blog to learn more.
You can't run a modern privacy program without a consent management platform. Learn how to bring privacy and personalization together.
For the third consecutive year, OneTrust is a leader in the 2021 Gartner Magic QuadrantTM for IT Vendor Risk Management Tools.
Apple requires apps to use an ATT prompt to request permission from end users before tracking them. Learn how implementing a CMP can help.
Prioritize privacy by implementing consent and preference management across marketing and advertising activities. Learn more in our blog.
Implementing a consistent security questionnaire answering process will save your organization time and money. Read our guide to learn more.
As of July 1, 2021, the CCPA metrics reporting obligation took effect for certain organizations. Here's what you need to know.
Read our IT risk management (ITRM) guide to understand IT risk management's impact on your organization and why it's more critical than ever.
Let's look at how this crucial marketing channel can be effectively implemented while remaining compliant with telemarketing legislation.
When you A/B test your cookie banners, your marketing goals and compliance with data regulations don't have to be mutually exclusive.
OneTrust partners with ISS Corporate Solutions (ICS) to enable new cyber risk scoring capabilities for Third-Party Risk Exchange customers.
Today we are excited to announce that OneTrust DataGovernance debuted in The Forrester Wave: Data Governance Solutions, Q3 2021 report.
Organizations faced with employee data subject access requests (DSARs) need a tool that uses automation to properly redact data.
As the volume of DSAR requests increases, organizations are turning to automation to help manage the redaction process.
The APEC Cross-Border Privacy Rules System (CBPR) is a voluntary, accountability-based system created by the Asia-Pacific Economic Cooperation.
As the new trend in ransomware attacks rises, companies need to be aware of the impact on supply chain vulnerability. Learn more in our blog.
Germany's parliament has passed the German Corporate Due Diligence Act, requiring due diligence in combating human rights violations.
The Interactive Advertising Bureau (IAB) of Canada recently finalized its version of Transparency Consent Framework (TCF) Policies.
In the massive gap left in the wake of third-party cookies going away, organizations must adjust their consent strategies.
AutoZone Goes the Extra Mile and drives TPRM operations with OneTrust Third-Party Risk Management. Learn more from Auto Zone TPRM, Ryan Walker.
Executive leadership must prioritize implementing a healthy IT asset and Risk management program in the wake of increased ransomware attacks.
Use the 4 pillars of data intelligence to better understand the data you have, how it's used, and the requirements that apply to it.
As the privacy landscape evolves, CPOs must consider vendor risk management as a key area of any healthy privacy management program.
Take a deeper look at the EDPB six-step roadmap to help identify the appropriate supplementary measures for international data transfers.
Learn about how the European Commission adopted two UK adequacy decisions in relation to the GDPR and the Law Enforcement Directive.
On June 24, 2021, Google announced it is delaying plans to phase out third-party cookies in its Chrome browser until 2023.
An incident management playbook is an actionable guide for how to report events, define responsibilities, and manage response procedures.
You can operationalize the EDPB's guidance today with OneTrust's expanded Schrems II Solutions which provide both EU exporters and importers.
What is ESG Management? It is crucial to execute a strong ESG program throughout your organization to remain competitive. Read more here.
Ecuador's new data protection regulation has become law, and establishes a national data protection authority, and regulates cross-border data transfers.
Convercent by OneTrust Third-Party Risk Management for Ethics and Compliance professionals provides a way to identify third-party risk.
Learn some challenges of creating an ESG strategy nationally and globally for your organization while addressing risk, management, and compliance.
A new China data security law takes effect on September 1, 2021 protecting data in the interest of the country's national security. Learn more.
Vendor risk management (VRM) is a form of risk management that focuses on identifying and reducing risks relating to vendors.
On June 2, 2021, Nevada Governor Stephen F. Sisolak signed the Nevada Privacy bill ((SB) 260) which focuses on Internet privacy.
OneTrust can help you track and measure your ESG goals, as social, environmental, and governance strategies become crucial in the corporate environment.
On June 4, 2021, the European Commission adopted two sets of modernized standard contractual clauses (SCCs). Read the blog to find out more.
Enforcement of the Thai PDPA has been postponed until 2022 but organizations should still prepare for an influx data subject rights requests.
Third-party risk management (TPRM) is a form of risk management that focuses on identifying and reducing risks relating to the use of third parties.
OneTrust has provided customers with a resource guide and relevant regulatory authority research following the May 31 noyb cookie notices.
Shared Assessments will remain vendor neutral post-acquistion to grow the SIG third-party risk standard globally.
Five years ago, OneTrust was founded. Today, we're celebrating five years of trust with our 10,000 customers, 2,000 employees, and community.
The GDPR is one of the most robust global privacy laws in effect today. What rights does it invoke on it's data subjects?
A foundational standard for privacy management is proving through records that you have a legal reason for collecting and processing personal data.
On May 20, 2021, the Belgian DPA announced that it had approved the EU Cloud Code of Conduct. Read the blog to find out more.
On May 17, 2021, the French Government announced its national strategy for cloud technology. Read the blog to find out more.
The 7 key GDPR principles at the heart of the law should inform every step of a modern privacy management program.
What's hidden in your files? Learn more about how unstructured data discovery can help you uncover and address hidden compliance risks.
Apple announced new iOS 14.5 requirements will now go into effect on April 26, 2021 with the release of Apple iOS 14.5.
OneTrust launched a new consent banner testing feature that allows customers to test their consent management platform before publishing.
GDPR Compliance means an organization that falls within the scope of the GDPR meets the requirements for properly handling personal data.
OneTrust acquires ethics and compliance software leader Convercent to help continue to build our Trust Intelligence platform.
The 7 Principles of Privacy by Design is a holistic approach to privacy and seamlessly integrates privacy into products, services, and system designs by default.
Be prepared to respond to Data Subject Access Requests and utilize automated data discovery with OneTrust Data Discovery.
Learn how implementing ESG best practices may benefit an organization's brand, revenue, company valuation, and market perception, as well as reduce risk.
We took your top questions and created an FAQ series to dive into our data redaction capabilities and what they mean for you.
Panama's Law No. 81 on Personal Data Protection takes effect March 29, 2021, bringing a new set of compliance challenges for organizations.
Enforcement for South Africa's Protection of Personal Information Act (POPIA) will begin on July 1, 2021 and OneTrust can help you get ready.
Apple iOS 14.5 Privacy Requirements and iPadOS 14.5 are scheduled for a spring 2021 release. The new release includes privacy features.
OneTrust's ESG solution provides organizations with environmental, social, and governance technology built in to the OneTrust platform.
Smart businesses know having a privacy program in place is just good business. Here are the best privacy program practices.
OneTrust Data Catalog is a solution for data officers, data stewards, and other stakeholders to find and utilize the data that matters most.
On April 1st, the CNIL, will begin to enforce its latest cookie recommendations. Download our CNIL Cookie Consent Guidelines Checklist today!
OneTrust launches Consent Rate Optimization, to help organizations personalize user experience and maximize opt-ins while respecting privacy.
If your organization manages PII, it's crucial to embed HIPAA compliance into your privacy program. Here's how to get started.
Virginia became the next state to officially pass a comprehensive privacy law. The CDPA sets out an increased protection for consumer data.
OneTrust acquired Redacted.ai data redaction technology and introduces OneTrust Data Redaction technology to solve a broad range of privacy use cases.
Read more to understand why data discovery for security teams is a must as businesses seek to defend against financial and reputational risk.
If third-party cookies are phased-out, does that mean cookie banners or consent management platforms (CMPs) are going along with them?
Today OneTrust announced it is the most widely used CMP with over 350,000 websites and applications using the platform for consent management.
Applying one or multiple systems to your company’s security approach is best practice
Intelligent, automated data discovery for governance teams is essential for achieving data governance and data catalog objectives.
Today OneTrust and Global Privacy Control (GPC) announced their partnership to help users control their privacy with a new browser setting.
Privacy teams need automated data discovery solutions to tackle the challenges of growing data management needs and privacy compliance.
A truly automated data discovery solution helps organizations understand their data across their business and third-party relationships.
OneTrust launches Vendorpedia Questionnaire Response Automation to support organizations in automatically answering incoming questionnaires.
This last week, the CNIL, French data protection authority, issued a €20,000 fine for sales prospecting without consent. Read more.
A holistic data governance approach is essential for any organization building effective privacy, security, and compliance programs.
OneTrust today announced our GRC policy management software integration with Microsoft Word to help company's improve policy management.
We address some CPRA questions as the CPRA's approval left many organizations questioning how to pivot their existing programs to meet CPRA compliance.
A discussion about the Schrems II decision including an explanation of the new EDPB guidelines and Standard Contractual Clauses updates.
With the significant development of the EDPB releasing their recommendations for Schrems II, we discuss what they are and what they mean.
Providing an engaging user experience can help to greatly increase opt-in rates as well as enhancing transparency around your processing activities.
Global privacy laws have continued to develop rapidly throughout the course of 2020. Recap with the "Global Privacy Laws: What's New in 2020" TrustWeek Session.
The Schrems II decision will have significant impacts on EU-US data transfers, and many organizations will need to update their programs.
The EDPB published recommendations following the Schrems II decision in July 2020, addressing surveillance and supplementary transfer tools.
On November 4, 2020, California voters passed the California Privacy Rights Act (CPRA or CCPA 2.0), but how does it compare with the CCPA?
When your business collects someone's personal information, you take on responsibilities, including trust, security, and ethical responsibility to that individual.
In the November 2020 election, voters will be deciding whether to vote the CPRA into law. Read this blog to learn more.
In this LinkedIn Live, Kabir Barday, CEO of OneTrust, was joined by Scott Bridgen, Offering Manager of OneTrust GRC, to discuss what is OneTrust GRC.
As part of a series of announcements during TrustWeek, we are excited to introduce DataGuidance Data Retention Schedules.
OneTrust releases new data governance software to help Data Governance, Analytics, IT, and Technology teams know their data.
OneTrust announces two new solutions to help manage challenges and maintain ISMS success: Audit Management and Policy Management.
In general, the CPRA amends the CCPA by expanding consumer rights, heightening privacy protections, and establishing an enforcement agency.
On April 6, the Irish Data Protection Commission released a report explaining the findings following a cookie sweep of websites across a range of industries.
Inspired by the GDPR, Brazil's Lei Geral de Proteção de Dados, or LGPD, regulates how companies collect, store, handle, and share personal data.
Google's Consent Mode solution was created to bridge the gap between the advertising and privacy worlds, providing more flexibility.
The data security space is heating up in 2021. Read this article to understand the key components and comparisons of CCPA, GDPR, and LGPD.
OneTrust is named the #1 fastest growing private company in America with 48,000% growth on the prestigious Inc. 500 annual list.
OneTrust announced expanded OTT compliance capabilities to help publishers and advertisers manage privacy consent and preference compliance.
The CCPA enforcement date of July 1 has recently passed, but there are still areas of the regulation that businesses need clarity on.
India's potential PDPB requires that data fiduciaries obtain data principals' consent for processing to ensure the principals' fundamental right to privacy.
The OneTrust Certification Program has announced new dates and a new OneTrust Fellow of Privacy Technology certification is now available.
OneTrust Free Tools help companies kickstark compliance with CCPA, GDPR, ISO 27701 and hundreds of the world's privacy laws and security frameworks.
OneTrust acquired Integris Software to enhances OneTrust DataDiscovery. The integrated data discovery and classification solution is available today.
The OneTrust Assessment Automation privacy impact assessment (PIA) technology is now aligned with the CNIL PIA methodology.
The first step to CCPA compliance for small businesses will be to understand if the law applies to your business or not.
IDC released it's inaugural Data Privacy Management Software Market Shares Report and finds OneTrust has the largest market share.
OneTrust announces two new solutions to help manage challenges and maintain ISMS success: Audit Management and Policy Management.
Cyber security and privacy must integrate using a privacy management software in order to address the growing challenge of protecting consumer data.
When leveraged correctly, these combined resources can streamline processes and automate common third-party risk management activities.
After working closely with IAB Europe, we're proud to announce the OneTrust Consent Management Platform (CMP) is officially TCF 2.0 approved by the IAB.
In this OneTrust blog, you will learn how you can automate consumer requests within your California Consumer Privacy Act (CCPA) program.
OpenID Connect lets developers authenticate their users across websites and apps without having to own and manage password files.
What is the CMMC, who does it apply to, and how will it impact your business? Follow the development of the CMMC as the DoD put's it into effect.
What's the difference between Integrated Risk Management versus GRC? How do you compare a well-established discipline and new emerging risk initiatives?
The California Consumer Privacy Act is taking effect in January, and one requirement that still confuses many businesses is the Toll-Free Number requirement.
The CCPA is only days away from taking effect, and OneTrust has all the resources you need to be CCPA ready by January 1, 2020.
Both the CCPA and the EU's GDPR aim to protect individuals' privacy rights, but there are some key differences between the two.
Companies can integrate their information across systems and data collection points to centralize their risk register and reporting efforts.
The Court of Justice of the European Union (CJEU) published the non-binding opinion of Henrik Saugmandsgaard Øe, the European Union Advocate General.
We're excited to announce OneTrust Cookie Auto-Blocking, dramatically reducing the time it takes to implement a OneTrust cookie banner on your website.
The data stored in your CMDB tools is only good for those who have access. Streamline maintenance with software to organize, automate and integrate data.
OneTrust offers a Targeted Data Discovery solution to help automate Data Subject Access Requests or DSAR requests.
Many GRC tools are solutions to problems of the past. New technology solutions can solve some of the digital risk challenges GRC tools fail to address.
As the CCPA goes into effect on January 1, 2020, everyone who handles personal information regarding California consumers are going to be impacted.
The IAB and IAB Tech Lab released the CCPA Compliance Framework for Publishers and Technology Companies on October 20, 2019.
OneTrust PreferenceChoice's Cookie Consent and Website Scanning is the most mature and trusted solution for cookie consent in the market.
On September 25, 2019, Alastair Mactaggart announced his new ballot initiative for the November 2020 ballot—the CPRA to amend the CCPA.
Publishers can manage consent across regulations and frameworks with OneTrust CMP consent management provider for publishers and advetisers.
Similar to the CCPA, Nevada allows consumers to opt-out of the sale of “covered information” collected through a website or online service.
As marketers, it is important to keep track of the constantly changing rules and regulations. Read this blog to see how you can keep up with cookie consent.
The California Consumer Privacy Act (CCPA) is the first privacy law to pass in the US – transforming how organizations structure their privacy program.
OneTrust recently announced that we received the world's-first ISO 27701 certification for a Privacy Information Management System (PIMS).
While the CCPA will impact the entire organization, but one initial consideration is who should be part of your internal CCPA team.
OneTrust announced a $200 million Series A investment, valuing the privacy, security and third-party risk company at $1.3 billion.
The Nevada Privacy Law allows consumers to opt-out of the sale of "covered information" collected through a website or online service.
With the OneTrust Vendor Risk Management platform and data mapping, companies sustain an up-to-date data map and automate alerts and actions.
Find out everything you need to know about the OneTrust Expert Certification training at OneTrust PrivacyTech 2019.
As with any trade war, the primary victims are the individuals and businesses needing to adapt to the ever-changing patchwork of global privacy requirements.
Today OneTrust announced it has acquired DataGuidance, a leading, in-depth and up-to-date privacy and security regulatory research platform.
The CCPA will take effect on January 1, 2020. Read the blog to learn more about the importance of the CCPA look back requirement.
Scale your third-party risk program with pre-populated privacy and security profiles on over 6,000 third-party vendors in OneTrust's Vendorpedia.
The GDPR's extra-territorial scope is a big step in escalating the global shift towards digital protectionism and even stoking a global trade war.
In partnership with the Department of Justice, the California Attorney General has scheduled several public forums to get feedback and opinions on the CCPA.
Here is a summary of the practical incident & breach management challenges and how software can help you to successfully tackle them.
OneTrust for Adobe Experience Platform Launch and Adobe Experience Platform Mobile SDK integration will link OneTrust's mobile app records of consent.
OneTrust and ServiceNow, a cloud-based platform with solutions that deliver digital workflows to unlock productivity, will launch OneTrust for ServiceNow.
OneTrust expanded support and resources for the Australia and New Zealand markets and integrated ANZ privacy laws into our privacy management platform.
On August 14, 2018, the Brazilian president sanctioned the Brazil General Data Protection Law (LGPD). Read the blog to learn more.
OneTrust Mobile App Consent lets companies show user consent on mobile apps, allowing them to demonstrate compliance with global privacy regulations.
We've added a new detailed Records of User Consent feature to the OneTrust Cookie Consent Tool, and customers will now have detailed records of consent.
The FStech Awards selected OneTrust as Risk Management Software of the Year in 2018. Thank you to the FStech Awards for this incredible honor
The WP29 has determined controllers should take to being transparent while embedding fairness and accountability into their transparency measures.
OneTrust Wins Big at the RSA Conference, including CEO Kabir Barday being named the Privacy Expert of the Year (Editor's Choice) for his innovation.
OneTrust joins the Cloud Security Alliance or CSA, a global leader in secure cloud computing, to simplify vendor risk management for GDPR compliance.
At the Adobe Digital Marketing Summit, OneTrust announced a new privacy management platform extension for Launch by Adobe.
In October 2017, the Article 29 Working Party (WP29) issued guidelines on personal data breach notification under GDPR, which were submitted for public comment.
OneTrust Simplifies GDPR Compliance for Marketers with Launch of Universal Consent and Preference Management Platform.
In 2017, WP29 Issues Revised Guidelines on DPIAs and whether processing is "likely to result in a high risk" per Reg. 2016/679.
OneTrust launched the first-to-market DSAR portal, allowing data subjects to submit requests directly to organizations that process their data.
The Irish High Court found that the Irish Data Protection Commissioner raised well-founded concerns about the validity of SCCS.
OneTrust Announces EU Regulator Guidance-Based Privacy Templates for GDPR Compliance with a new suite of questionnaire templates.
Belgian DPA publishes template for Article 30 Records in French and Dutch only, but you can attain an unofficial English translation in this blog.
CNIL Publishes Guidance on Incident Management and Notification for GDPR on the notification of security incidents to regulatory authorities.
UK Government publishes a statement of intent for a new Data Protection Bill to strengthen data protection laws in the UK and align with GDPR.
After Reference by Article 29 Working Party, International Organization for Standardization (ISO) publishes ISO/IEC 29134:2017 framework guidelines for PIA.
German DPA released an English translation of the Standard Data Protection Model (SDM), which addresses GDPR data protection goals.
Working Party 29 adopts guidelines on DPIA's and determining whether processing is "likely to result in a high risk" for the purposes of the GDPR.
Nobody Likes Cookie Pop-Ups: Browser-Based Consent and the ePrivacy Regulation. Article 10 discusses the role browsers play in obtaining cookie consent.
The Belgian DPA issues a draft recommendation and launched a public consultation to obtain input from stakeholders about DPIA obligations.
GDPR Compliance Means Cookie Notices Must Change. You probably ticked the cookie law box ages ago and haven't thought about it since.
How GDPR Applies to Charities and Non-Profit Organizations... they're just as obligated as any other EU company to comply with GDPR.
Industry analyst firm Gartner, Inc. listed OneTrust in the category of Privacy Management Tools in three independent 2016 Hype Cycle industry assessments.
Concept of a Privacy Threshold Assessment (or Analysis). They're important, but they aren't the only evaluations necessary for an organization.
OneTrust Acquires Leading Website Auditing and Cookie Compliance Solution. Expands International Presence with Optanon acquisition.
In an evolving landscape, regulatory compliance is key. So how do you check the boxes—and go beyond? Learn how on the OneTrust blog.
Why and how are businesses rethinking vendor risk assessments, risk analytics and control gap analysis? Learn more in our blog.