Grant Thornton LLP (Grant Thornton) is a OneTrust partner and is the U.S. member firm of Grant Thornton International Ltd., a world-leading organization of independent audit, tax and advisory firms, made up of over 56,000 people in 140 countries globally. At the heart of their operation is the people they serve, collaborating, deliberating, and innovating to offer creative solutions to drive excellence. 

When a subsidiary of a Fortune 500 transportation services company operating across a wide range of automotive services, approached Grant Thornton to build their privacy program from the ground up, the firm worked with OneTrust to build a program based on technology. Both OneTrust and Grant Thornton strive to add the greatest value for their clients by developing an effective and efficient privacy program. OneTrust adds value through its industry leading privacy automation platform, and Grant Thornton through its industry leading experiences, lessons learned from multiple end–to–end privacy program implementations, and proven history working with the OneTrust team.

The starting line for a privacy program

The starting point for this project was a clean slate, the client wanted to work with Grant Thornton to build their entire program from the bottom up. This included enhancing the data inventory, creating a unique privacy policy and notice, developing an individual rights management process, updating the consent management process, and identifying the best implementation solution. 

The key need for this transportation services company was for experience and expertise on how to develop a smooth running and highly functional program, and they wanted a partnership that would support ongoing learning from other companies and the industry, as well a support with the heavy lifting throughout the implementation. 

Grant Thornton started the process by learning all about how this transportation services company operated, which processes were key, and how data is being processed. One clear conclusion they drew was that technology would be key and Grant Thornton would lead the shortlisting and selection process to find a partner. 

“Expertise and experience were what this transportation services company needed, they wanted ongoing support from partners who understood the experiences of others across the industry,” said Lindsay Hohler, Principal at Grant Thornton.

OneTrust + Grant Thornton: The partnership to deliver a privacy program for a transport services client

For a Fortune 500 transport services organization that operates on this scale, technology was going to be fundamental to building their program, meaning choosing the right technology was vital. 

OneTrust was considered from the very beginning as both parties were familiar with the technology. A UK subsidiary of the client implemented OneTrust for their GDPR compliance program with notable success, and Grant Thornton had championed several OneTrust implementations for other organizations with success.

A variety of companies were shortlisted, evaluated against Grant Thornton’s scorecard, which measured a range of criteria including data mapping, individual rights functionality, customization, bulk import, overall solution, user interface and vendor support. 

OneTrust scored highest against all of Grant Thornton’s criteria, and was set apart by a clear track record for adaptability and agility: as the market’s needs developed so did OneTrust’s products. Implementing privacy technology that moves and grows with the industry is key for program longevity.

Standing out from the crowd, OneTrust offered maturity and breadth at a competitive price. Grant Thornton’s client needed a tool that would offer key functionalities in the most efficient way, not least of all the importing and exporting of data. Where many tools require a more substantial input on this task, the OneTrust tools enabled the client to maintain autonomy over this process. “The ability to import and export data was incredibly important, OneTrust enables this seamless process as part of its critical functionality,” said Lindsay.

OneTrust demonstrated all of their products, building a clear picture of how the selection of tools can help build a bespoke program to meet the client’s needs. The extra care and attention that the OneTrust team put into providing a detailed and personal experience in this tentative stage of the program was evident, and the use of a sandbox environment was incredibly beneficial and allowed Grant Thornton to run a number of test scenarios. These demonstrations to the client’s core team, made up of the project lead from the legal team, info-sec team and tech team, were vitally important as these were the people who would go on to use the product in their day-to-day roles.

Grant Thornton’s scorecard approach to vendor comparisons formed the basis for their presentation to the executive committee. The detailed approach meant the results of the comparison could easily be presented, and little convincing was needed as the results spoke for themselves. The key benefits that OneTrust brought to the table were great value and functionality, but what really set them apart from the crowd was the pace at which OneTrust develop their tools. The starting point was to look at the tools that would sit at the heart of the program, which were Assessment Automation, Data Mapping and Data Subject Access Requests.

A smooth ride for OneTrust implementation

Grant Thornton worked with OneTrust to get the selected products up and running. This included working with the client’s security team to implement single sign on and training their team on how to use the tools. Communication was key to keep this process smooth, and OneTrust and Grant Thornton had weekly meetings with core the client’s team to provide significant support as any questions were raised. 

With Grant Thornton as the partner, end-to-end implementation and onboarding process with OneTrust took seven months.  In May 2019 the contract was signed, and the data inventorying and implementation of the OneTrust tool took place from June till August. Moving forward to September and October, Grant Thornton continued its implementation of the individual right management process and other key objectives to build a sustainable and adaptive privacy program. The focus was on ensuring the processes were smooth and efficient, and careful attention was turned to CCPA compliance based on early AG guidance. The common factor in each of these stages that created success was the continual support from both Grant Thornton and OneTrust. 

“The implementation process was incident free with OneTrust’s support being key to answer any questions,” said Lindsay.

OneTrust and Grant Thornton go the extra mile

The measure of success in this partnership is the client’s satisfaction, and they were certainly pleased with the ease of use and efficiency or both those using the tools and the stakeholders. 

“A major positive for this transportation services company is that the solution is complete and ready-to-use, they can manage all of their requests through the tool,” said Lindsay.

Much of the project’s success was due to the OneTrust and Grant Thornton relationship. As a OneTrust partner for several years, “An important aspect of OneTrust’s value as a partner is the direct contact, being able to have an open conversation about adaptations, and then actually seeing them in the solutions,” said Lindsay.

The success of Grant Thornton and OneTrust’s partnership echoed through the client organization, with the combination of expert knowledge and detailed support received throughout the process, it was an easy pitch to the other subsidiaries, and Grant Thornton will help this transportation services company scale their OneTrust use. 

“The level of support and trust that the client got from OneTrust and Grant Thornton and with all the expert knowledge, it made it an easy sell to their partner companies,” said Lindsay.