OneTrust Featured in Ovum’s On The Radar Report

Download Ovum’s On The Radar Report about OneTrust here.

Introduction

New legislative instruments such as GDPR often impose a range of obligations on organizations. OneTrust’s solutions aid privacy officers to carry out their duties, automate some processing, and provide background information for compliance attestations.

Highlights

OneTrust Assessment Automation supports threshold assessments, which determine whether personally identifiable information (PII) is likely to be present and, therefore, a Privacy Impact Assessment (PIA) is required. It also supports the extensive administration around PIAs.

OneTrust Data Mapping provides the foundation for information-related compliance via documentation of enterprise data and its usage. It supports data discovery via questionnaires (with templated questions available), scanning, and automated API.

OneTrust Cookie Compliance scans a customer’s website for cookies and tracking technologies, identifying and categorizing cookies. OneTrust Certification Seals provides lifecycle support for customers requiring certification of compliance activities.

Features and Benefits

  • The solution comprises four key functional areas that support many of the requirements imposed on privacy officers by GDPR and other privacy-related legislation.
  • The solution provides a point of reference for demonstrating accountability, compliance, and evidence of strong privacy practices (Privacy by Design).
  • A central repository supports collaboration across business units and with partners, integrating risk management across activities.
  • Deployment can be either on premise or in a cloud environment, and can be migrated between environments if requirements change.

Key Questions Answered

  • Is there a solution that would support my organization’s struggle with the burden of new privacy-related compliance responsibilities (e.g. GDPR)?
  • Can my organization centralize management of privacy-related risk, while also integrating with our wider GRC efforts?
  • Is there a solution that augments the discovery phase of data mapping with risk and compliance analysis of the results?
  • Can my organization integrate consent management with our efforts to control cookies?