OneTrust Privacy Governance
Map Data Flows for Ongoing Compliance
OneTrust Privacy Governance Solutions
The inception of the CCPA requires organizations that conduct business in the state of California to make structural changes to their privacy programs. Organizations now need a scalable way to discover what data they hold, how it is used, and what third parties have access to it, as well as maintain detailed, ongoing records for CCPA compliance.
By leveraging the OneTrust CCPA Privacy Governance solutions, your organization can streamline CCPA compliance, implement Privacy by Design principles, and thoroughly assess your service providers and third party vendors. The OneTrust platform directly addresses CCPA requirements and sets organizations on the right trajectory for supporting a global privacy program.
Complete Solution to Implement the CCPA
Streamline CCPA Compliance
Collect and maintain accurate records of consumer’s personal information and maintain detailed, ongoing records for compliance.
Learn More
Implement Privacy by Design
Follow the principles of data minimization and purpose limitation to adopt a Privacy by Design approach.
Learn More
CCPA Privacy Governance
OneTrust Data Inventory Mapping
Map Data Flows and Meet ‘Look Back’ Requirement
- Track key attributes when mapping data with CCPA-specific data elements built into OneTrust for CCPA compliance
- Leverage bulk importing capabilities to attach CCPA-specific data elements to existing data
- Auto-generate data lineage diagrams and asset maps to visually represent your organization’s CCPA-specific data flows.


OneTrust Assessment Automation
Distribute CCPA-based PIAs & PbD Assessments
- Leverage updated Privacy Impact Assessments (PIAs) including data minimization and purpose limitation considerations outlined under the CCPA
- Mitigate risks with automated CCPA-specific risk flagging and research-backed remediation recommendations
OneTrust Incident & Breach Response
Meet California Breach Notification Rules
- Analyze incidents with a built-in California Data Breach Notification assessment template
- Streamline responses and quickly remedy a violation within the CCPA’s 30-day cure period with customizable workflows
- Track the number of consumer requests received and fulfilled to measure the impact of an incident


OneTrust Vendor Risk Management
Assess Vendors and Navigate CCPA ‘Cure Periods’
- Communicate with third-party vendors to meet consumer requests for data access and deletion
- Generate visuals to map vendor personal information flows state by state and around the world to help understand where personal information resides
- Identify vendors that are sold and sell personal information to adhere to the opt out requirement when necessary