OneTrust and Protiviti partner to deliver specialty confectioner’s privacy program

premium collection of dark, milk and white chocolate sweets

Protiviti, a global consulting firm and longstanding partner of OneTrust, provides its customers with consulting solutions in internal audit, risk and compliance, technology, business processes, data analytics, and finance. As a global organization whose customers include more than 35% of the Fortune 500, Protiviti works with a wide range of companies, providing a tailored approach to help them face the future with confidence.

Protiviti helped one of their customers, a global leader in premium artisanal chocolate, undertake a company-wide review of its privacy program and data processing activities. Working closely with the customer’s multi-functional team, Protiviti helped them build a clear picture of what data they were processing as well as a perspective on overall data processing activities within the wider organization. With this knowledge they were able to build a forward-looking vision for its privacy program; Protiviti assessed the customer’s readiness and provided recommendations for privacy program improvement.

Choosing OneTrust for scalability, value and integration abilities

"The customer needed a solution that would support compliance with global regulations and a program that could scale alongside the emergence of the CCPA."


Stephen Nation, Protiviti Associate Director

With Protiviti’s help, this specialty confectioner embarked on a company-wide review of the data that it processes as well as an exercise to determine where that data is located within the organization, producing an executive-level view of their personal data processing activities. The result was a clearer perspective of the organization’s data processing activities, allowing the customer to address specific compliance obligations, including the new data management requirements within CCPA.

“The customer needed a solution that would support compliance with global regulations and a program that could scale alongside the emergence of the CCPA,” said Protiviti Associate Director, Stephen Nation.

To meet its goals, the specialty confectioner looked to implement a technology-based solution to support its privacy program. Protiviti supported the team by assessing various available solutions on the market.

The customer’s needs were clear, and technology vendors were assessed based on their scalability, value for money, and the ability to integrate with existing systems. Protiviti and OneTrust have a longstanding strategic partnership, with a strong history of successful implementation. This meant Protiviti was confident that the breadth of tools available in OneTrust’s centralized solution would be a valuable and appropriate investment to help this specialty confectioners privacy program thrive.

OneTrust’s Assessment Automation, Data Mapping and Data Subject Rights Requests were selected to support the customer as they worked towards building the perfect platform that made sense for the organization’s needs.

A gold standard privacy program with OneTrust

The most time-intensive part of the confectioner’s project was the initial review into the company’s operations. Once complete, the organization spent two to three weeks assessing vendors with Protiviti, and within three months, they had implemented OneTrust solutions.

The dynamic partnership between OneTrust and Protiviti was key in delivering this successful project. Protiviti was able to setup the customer’s chosen modules in their OneTrust partner tenant and then hand over a fully functional tenant directly to the customer team, ensuring a seamless transition. 

OneTrust’s partner program provided the tools, support, and access that Protiviti needed to assess and implement the customer’s privacy program management.

“Simply put, data mapping can be a complex endeavor. Protiviti has developed a solid data mapping methodology, leveraging a OneTrust partner tenant to efficiently collect the information necessary to build a foundation of data governance. Working with OneTrust makes it simple,” said Nation.

Protiviti and OneTrust worked together to customize the tools to fit the specialty confectioner’s needs. In particular, the partners focused on developing an asset assessment inventory, record of processing inventory, and push-button RoPA (GDPR Article 30 Record of Processing).

"As the customer quickly moved to a remote working situation, on-tap support was vital, and OneTrust delivered."


Stephen Nation, Protiviti Associate Director

The customer team saw OneTrust’s reputation for high-quality support in action when tackling the particular challenges posed by the sudden shift to working from home due to COVID-19 restrictions. 

“As the customer quickly moved to a remote working situation, on-tap support was vital, and OneTrust delivered,” said Nation.

The sweet taste of success with OneTrust and Protiviti

The project with Protiviti and OneTrust gave this specialty confectioner greater understanding, transparency and control over its privacy program.  Due to the success of this implementation, the customer will be evaluating OneTrust’s Vendor Risk Management module as a potential expansion of their existing tenant.

You may also like


Responsible AI

Unpacking the EU AI Act

Prepare your business for EU AI Act and other AI regulations with this expert webinar. We explore the Act's key points and requirements, building an AI compliance program, and staying ahead of the rapidly changing AI regulatory landscape.

July 12, 2023

Learn more


Consent & Preferences

Live demo: How to automate consent and preference management with OneTrust

In this webinar, we demonstrate how OneTrust Consent and Preferences helps build stronger customer relationships by providing transparency, giving users control over their data use, and delivering personalized experiences.

June 29, 2023

Learn more


Privacy Management

Unpacking the EU-US DPF

In this webinar, we cover the new EU-US Data Privacy Framework (EU-US DPF) and what privacy program managers need to know for post-Schrems II data transfers.

June 28, 2023

Learn more