March 22, 2022 - GRC IT Risk Management
Establishing an Intel-Lead Security Program: 5 Key Components
The risk landscape expands each day, and your organization’s security program needs to keep up. Whether it’s a recent
March 14, 2022 - Uncategorized
What is the German Supply Chain Due Diligence Act?
In June of 2021, Germany’s legislature passed the Act on Corporate Due Diligence in Supply Chains (Supply Chain Due
March 7, 2022 - Ethics and Compliance
The Chief Trust Officer (CTRO) & Vendor Risk Management: Top Challenges & Biggest Opportunities
As risk vectors evolve, it’s critical that organizations implement a business strategy that unites risk domains and keeps trust
February 28, 2022 - GRC IT Risk Management
How to Build a Proactive IT & Security Framework
Refining your IT & security risk management strategy is an ongoing requirement at any stage of program maturity. Recent
February 16, 2022 - GDPR Regulation
How Does Your Privacy Framework Support Better Security Oversight?
Security is a key pillar of any privacy program – meaning holistic security and privacy compliance is crucial to business
February 11, 2022 - Americas
Ransomware Risk Management: The PCI Security Standards Council & National Cybersecurity Alliance’s Ransomware Bulletin
The PCI Security Standards Council (PCI SSC) and National Cybersecurity Alliance published a bulletin in response to the rise
February 7, 2022 - GRC News
Get to Know: OneTrust’s Channel Chief Gordy Wyatt
We’re excited to announce that Gordy Wyatt, OneTrust’s North America Channel Director, has been named a 2022 Channel Chief
February 4, 2022 - GRC IT Risk Management
Buy-In Guide: Making the Case for TPRM Software
OneTrust Vendorpedia™ is the largest and most widely used technology platform to operationalize third-party risk. The technology platform enables
February 2, 2022 - Third Party Risk
Preview OneTrust’s Ultimate Guide to VRM for Privacy Professionals
Vendor Risk Management – GDPR as a Global Benchmark The management of vendor risk from a data protection standpoint
January 27, 2022 - GRC IT Risk Management
The Importance of User-Driven Configuration for Flexible IT Risk Management and Privacy Compliance
Digital transformation is more than just the move from manual processes to the internet of things (IoT) technologies, it’s ongoing change management
December 30, 2021 - Awareness Training
A Year in Review: Key takeaways, Top Breaches & More 2021 Security Trends
2021 Top Breaches, Hacks, and Outages From incidents in the oil and gas industry to successful ransomware defense in
December 20, 2021 - GRC IT Risk Management
The Future of TPRM: Third Party Risk Management Predictions for 2022
Third-Party Risk Management (TPRM) is the way that a company looks at vendor relationships and manages the risks that they
December 16, 2021 - GRC IT Risk Management
Build the Business Case: The Importance of Business Resilience and TPRM
Throughout the beginning of December, a major web service and retail provider (that now controls 33% of the cloud
December 14, 2021 - GRC IT Risk Management
Working With Vendors to Address the Apache Log4j 2 Library Vulnerability
There is a new critical vulnerability that impacts one of the most popular open-source Java logging libraries, Apache Log4j 2. The exploit has been identified as a
December 13, 2021 - Uncategorized
OneTrust Partners with Big Brother Big Sister of Metro Atlanta to Support Youth
OneTrust partners with Big Brother Big Sister of Metro Atlanta to support our local community. In June 2020, OneTrust
December 9, 2021 - Emerging Regulations and Trends
NIS2: An EU-Wide Cybersecurity Strengthening and Resilience Solution
On December 3, the Council of the European Union (EU) announced that it had agreed on its general approach to the text
December 3, 2021 - GDPR Regulation
Privacy and IT Risk: How Secure Are Your Assets Securing Personal Data?
Why IT Risk is Essential to Privacy Excellence Privacy and IT risk management professionals have untapped potential in bringing more value to
December 2, 2021 - GRC IT Risk Management
The CECO & Vendor Risk Management: Top Challenges & Biggest Opportunities
Complex regulations are accelerating the need for organizations to realign their business practices from top-to-bottom. The consequences for non-compliance
November 29, 2021 - ESG
ESG Corporate Ratings and ESG QualityScore Data Now Available Out-of-the-Box in the Vendorpedia Exchange Community
OneTrust Vendorpedia has partnered with ISS Corporate Solutions to pull ISS ESG Corporate Ratings and QualityScore data for covered
October 28, 2021 - ESG
The CSO (Chief Sustainability Officer) & Vendor Risk Management: Top Challenges & Biggest Opportunities
Maintaining a strong security posture is more important than ever, and that includes addressing all aspects of organizational cybersecurity from both
October 25, 2021 - Uncategorized
Digital Transformation and the Impact of the Evolving Digital Landscape
Over the last year, reliance on remote work drove a rapid increase in digital transformation, pushing security teams to
October 18, 2021 - Awareness Training
Educate, Empower, Enable: The Importance of Cybercentric Education
As the technological landscape continues to evolve, digital risk management needs are growing. Increased compliance obligations, digital transformation, and the proliferation
September 17, 2021 - Incident Management
Putting Your Incident Management Playbook Into Action: Part 1 – Prepare
Security incidents and data breaches are quickly becoming
August 12, 2021 - GRC IT Risk Management
The Accenture Ransomware Attack: A Use Case for Effective Risk Mitigation
Targeted ransomware attacks have reached new heights, with a 62% global attack spike and a 158% increase in North American attacks alone. As ransomware
August 10, 2021 - GRC IT Risk Management
ITRM 101: Understanding the Impact of IT Risk on Your Organization
Defining ITRM IT Risk Management (ITRM) is a form of risk mitigation commonly used in information technology (IT). Per the ISACA Risk IT Framework, ITRM is
July 2, 2021 - GRC IT Risk Management
How Good IT Asset and Risk Management Can Protect You from Ransomware
A recent surge in ransomware attacks against critical infrastructure suggests a trend in cybercrime for the year. Groups of bad actors
June 30, 2021 - GDPR Regulation
The Benefits of Combining Data Mapping and Data Residency
More and more countries are creating parameters about data localization. Every policy is a little bit different, with some
June 22, 2021 - GRC IT Risk Management
How Your Organization Can Use an Incident Management Playbook
The chances of your organization being the victim of a data breach are now up to 1 in 4.
June 17, 2021 - GRC IT Risk Management
Celebrating our Community of Trust
OneTrust is trusted by over 10,000 companies, both big and small. To celebrate our five-year anniversary, we spoke with
June 14, 2021 - GRC IT Risk Management
Risk Management: Making Your Organization First Line Friendly
What does it mean to make your risk management program first line friendly? While risk management is critical to
June 3, 2021 - GRC IT Risk Management
New Wave of Ransomware Attacks Hits US Infrastructure
A recent surge in ransomware attacks against critical infrastructure suggests a trend in cybercrime for the year. Groups of bad actors are targeting countries’ essential services (oil, food production, etc.) because
May 17, 2021 - GDPR Regulation
Understanding the 7 Principles of the GDPR
The General Data Protection Regulation (GDPR) rewrote the rules on privacy, forcing companies to update their operations and even
April 23, 2021 - GDPR Regulation
Apple iOS 14.5: How to Prepare with OneTrust
Yesterday, Apple revealed that iOS 14.5 will go into effect on April 26th. Apple first launched the 14.5 beta to the public earlier this year
March 19, 2021 - GDPR Regulation
How to Prepare for Apple iOS 14.5 Privacy Requirements
Apple iOS 14.5 Privacy Requirements and iPadOS 14.5 are scheduled for an early spring 2021 release. The new release will include many new features, including a major privacy upgrade. This update will include
March 11, 2021 - GDPR Regulation
UK Adequacy Decision FAQs: Your Top 5 Questions Answered
The European Commission announced a draft UK adequacy decision on February 19, 2021. A move that will allow data to flow freely between
January 6, 2021 - GRC IT Risk Management
Integrate Microsoft Word into the OneTrust GRC Policy Management Software
To help companies improve policy management processes, OneTrust GRC today announced our policy management software integration with Microsoft Word.
December 2, 2020 - GDPR Regulation
Global Privacy Laws Update 2020
Global privacy laws have continued to develop rapidly throughout the course of 2020. Significant new laws have entered into force such as the LGPD in Brazil, further sections of POPIA commenced, and
September 25, 2020 - GDPR Regulation
LGPD vs. GDPR
Inspired by the European Union’s General Data Protection Regulation (GDPR), Brazil’s (Lei Geral de Proteção de Dados or LGPD) regulates how companies collect, store, handle, and share personal data. Who the LGPD Impacts
July 16, 2020 - Uncategorized
OneTrust Expands EU Solution in Response to Schrems II Decision
The CJEU today issued its judgment in the Schrems II case, invalidating the EU-US Privacy Shield. For now, the
July 7, 2020 - GDPR Regulation
AI & Data Protection Law
Companies today are finding ways to be more efficient and replace the timely, complex human-based tasks with technology. Innovative technology, like artificial intelligence (AI), streamlines
July 1, 2020 - GRC IT Risk Management
OneTrust DataGuidance Add Three New Comparison Charts to its Catalog of Privacy Research Tools
OneTrust DataGuidance has added three new comparison charts to its extensive catalog of privacy research tools. The latest additions focus on the
June 9, 2020 - Uncategorized
New Privacy Essentials in the Financial Sector Awareness Training Course
OneTrust Awareness Training now offers a newly developed course designed specifically for promoting a fundamental understanding of the key
June 5, 2020 - GDPR Regulation
The Evolution of Valid Consent for Cookies in Germany
On May 28, 2020, Germany’s Federal Court of Justice (‘BGH’) announced its decision on the Planet49 case, ruling that the use of pre-ticked checkboxes in Planet49’s online
May 28, 2020 - GDPR Regulation
Deja Vu: Data Privacy Standards Evolution Draws Eerily Similar Comparison to PCI-DSS
As the data privacy space continues to awkwardly mature, we’re in the midst of a privacy sovereignty evolution. An
May 13, 2020 - GDPR Regulation
OneTrust Launches All New Courses for Publishers: IAB TCF 2.0 2020 Master Class Webinar Series
Today OneTrust opened registration for an IAB Europe Transparency and Consent Framework 2.0 (TCF 2.0) Master Class Webinar Series! The free webinar series is led by OneTrust privacy experts and designed to help publishers properly
May 6, 2020 - GRC IT Risk Management
Introducing OneTrust GRC’s Audit & Policy Management: Two New Tools to Support ISMS Programs
Navigating risk and upholding information security management system (ISMS) programs across an organization relies heavily on the ability to
April 21, 2020 - Uncategorized
When Will South Africa’s POPIA Enter Fully into Effect?
What is POPIA? The Protection of Personal Information Act (‘POPIA’)–South Africa’s omnibus data protection statute—was signed into law in
April 8, 2020 - GRC IT Risk Management
Announcing the New APAC Webinar Series
Registration is now open for OneTrust’s APAC Webinar Series! The global regulatory landscape keeps evolving, so continued compliance with
March 9, 2020 - Uncategorized
OneTrust PrivacyTech Postponed to Fall 2020
OneTrust is committed to the safety and well-being of our privacy, security and trust community at large. We’ve been closely
February 19, 2020 - GDPR Regulation
What Does the Brexit Transition Period Mean for GDPR and Privacy Pros?
On January 31, 2020, the UK officially left the EU. A Brexit transition period will now span January 31,
January 30, 2020 - Uncategorized
Breaking Up is Hard to Do: the UK and the EU
On January 31, 2020, the United Kingdom (UK) is planning on exiting the European Union (EU). This will impact the privacy world in many ways. In this blog post,
January 16, 2020 - GRC IT Risk Management
Integrated Risk Management vs. GRC
Comparing two schools of thought, Integrated Risk Management vs GRC. Governance Risk and Compliance (GRC) is a well-established practice,
December 19, 2019 - Uncategorized
News: CJEU Publishes AG Opinion on Facebook Ireland and Schrems Case
On December 19, 2019, the Court of Justice of the European Union (CJEU) published the non-binding opinion of Henrik
December 19, 2019 - GRC IT Risk Management
Centralizing Your Risk Register
Consolidate information to deliver a complete view of your enterprise’s risk exposure. Many companies have a “centralized risk register”
November 20, 2019 - GRC IT Risk Management
Adding Context to Your Integrated Risk Management Program
Integrated Risk Management, Contextualizing Data with an Intelligent Platform for Added Value to Your Everyday Business Functions. In the
December 14, 2018 - GRC IT Risk Management
What the CNIL’s Recent Decisions Involving Vectaury, Fidzup, Teemo and Singlespot Reveal about What a Consent UI Should Look Like
And What Steps You Can Take Today to Collect Valid User Consent The French data protection authority (CNIL) has recently closed three cases (with companies Teemo, Fidzup and Singlespot) and
November 1, 2018 - GRC IT Risk Management
Canada’s New Data Breach Reporting Law Takes Effect Today
Companies subject to the Personal Information Protection and Electronic Documents Act (the “PIPEDA”) will now need to satisfy the reporting and
March 7, 2018 - GDPR Regulation
WP29 Publishes Revised Guidelines on Personal Data Breach Notification Under GDPR
In October 2017, the Article 29 Working Party
November 9, 2017 - GDPR Regulation
WP29 Guidelines Review: How DPAs Will Apply Administrative Fines Under the GDPR
The GDPR grants extensive enforcement powers to
October 5, 2017 - GDPR Regulation
OneTrust GDPR Deep Dive Series Chapter 10: Delegated Acts and Implementing Acts & Chapter 11: Final Provisions
Chapter 10
September 28, 2017 - GDPR Regulation
OneTrust Legal Team Authors GDPR Privacy Advisor Post for IAPP
OneTrust’s Chief Privacy Officer, Andrew Clearwater, CIPP/US and Privacy
August 4, 2017 - GDPR Regulation
The GDPR’s Impact on Marketing and Advertising
When companies share customers’ personal information with third-parties, they’re helping brands
July 27, 2017 - GDPR Regulation
OneTrust GDPR Deep Dive Series Chapter 5: Transfers of Personal Data to Third Countries or International Organisations
Chapter 5
June 29, 2017 - GDPR Regulation
OneTrust GDPR Deep Dive Series Chapter 3: Rights of the Data Subject
One of the most important goals of the GDPR is to protect
June 15, 2017 - GDPR Regulation
OneTrust GDPR Deep Dive Series: Chapter 2
OneTrust GDPR Deep Dive Series Chapter 2: Principles Chapter 2 outlines basic principles and provides information to help companies prepare
June 1, 2017 - GDPR Regulation
Introducing the OneTrust GDPR Deep Dive Series
The one-year countdown to GDPR started last week. To mark the occasion, OneTrust
January 31, 2017 - GDPR Regulation
How GDPR Compliance Can Save You Money
As January comes to a close, reality begins to sink in that
January 12, 2017 - Uncategorized
Belgian DPA Seeks Public Comments on DPIA Draft Recommendation
As the Belgian DPA (Commission de la protection de la
December 27, 2016 - Uncategorized
#5QsforCPOs: Andrea White – Chief Compliance Counsel and Privacy Officer @ Toyota
In our #5QsForCPOs blog series, OneTrust conducts
December 16, 2016 - GDPR Regulation
WP29 Releases GDPR Implementation Guidelines and FAQs
Coming at the heels of the EU ePrivacy Regulation leak, the Article
November 15, 2016 - GDPR Regulation
EU Businesses Aren’t Just Unprepared for GDPR… They’re Underpreparing
Computing UK conducted a study in February 2016 that revealed
October 3, 2016 - GDPR Regulation
Can Payments Companies Monetize Data and Still Comply with GDPR?
A growing trend among payment service providers is identifying
September 29, 2016 - GDPR Regulation
How GDPR Applies to Charities and NPOs
Between fundraising, events, and charitable giving, non-profit organizations (NPOs) collect a ton of
September 27, 2016 - GDPR Regulation
GDPR Will Require Accountability Through Privacy and Security by Design
PRIPARE defines Privacy by Design a few different ways:
September 26, 2016 - GRC IT Risk Management
Concept of a Privacy Threshold Assessment
PTA Overview Privacy Impact Assessments/Analyses (PTAs) are an important aspect of privacy compliance
September 23, 2016 - Uncategorized
#5QsforCPOs: Pat Manzo – EVP, Global Customer Service & Chief Privacy Officer at Monster
In our #5QsForCPOs blog series,
August 15, 2016 - GDPR Regulation
GDPR and Operational Reform
Data Protection was once the siloed concern of a company’s privacy team, but GDPR’s imminence
August 10, 2016 - GDPR Regulation
How Brexit Will Impact UK GDPR Compliance
On June 23, U.K. citizens approved Article 50, a Brexit from the