Atlanta, Georgia-based privacy and marketing, security, and data governance solutions firm OneTrust today announced it raised $300 million at a $5.1 billion valuation. The company says the round will be put toward product R&D as it looks to expand its sales, marketing, and engineering teams worldwide.
About 64% of respondents around the world feel that adhering to compliance requirements is a “very” or “extremely” effective way to keep data secure, according to a Thales report. But compliance is expensive. In a 2017 PricewaterhouseCoopers survey of execs at U.S., U.K., and Japanese tech companies, 88% said their company planned to spend over $1 million preparing for the EU’s General Data Protection Regulation (GDPR) in the run-up to its full May 2018 implementation. A smaller percentage of respondents — 40% — said they expected to spend $10 million or more.
Kabir Barday, a former developer at BlackRock and previously director of product management at Dell-owned VMWare, anticipated the nearly $51.5 billion compliance management market’s growth in 2016 when he founded OneTrust with cochair Alan Dabbiere, a cofounder of Manhattan Associates and AirWatch. Barday was an early employee at AirWatch, which raised $200 million in 2013 before VMware acquired it for $1.5 billion. OneTrust went on to raise $200 million in a series A round last July at a whopping $1.3 billion valuation — a valuation the firm more than doubled to $2.7 billion in February 2020.
This latest cash infusion comes after roughly a year, during which time OneTrust grew its customer base to more than 7,000 organizations across 100 countries, up from 3,000 as of July 2019. (OneTrust’s three-year growth is 48,000%, making it the fastest-growing company on Inc. magazine’s Inc. 500.) According to Barday, nearly half the Fortune 500 companies now use its product suite, including brands like Aetna, Randstad, Steelcase, Vevo, Oracle, Marketo, Akamai, Criteo, 21st Century Fox, Adobe, Tealium, Okta, Salesforce, and Kickstarter.
Above: Cross-border data-mapping with OneTrust
OneTrust offers a privacy management program that helps companies comply with the GDPR, the California Consumer Privacy Act (CCPA), and hundreds of other global privacy laws by using research portals and automation tools. It streamlines the intake and fulfillment of consumer and subject rights requests and allows customers to benchmark against their peers, map and inventory records of processing, and generate custom reports as data flows through their organization. With OneTrust DataGuidance, admins can search across over 20,000 associated templates, guidance case law, and resources contributed by a network of over 800 lawyers and 40 in-house legal researchers. Alternatively, they can look up individuals’ data across cloud and on-premise systems while maintaining security standards with data review, redaction, and approval workflows.
OneTrust’s complementary PreferenceChoice tool enables companies to drive opt-in demand while demonstrating full compliance. It allows businesses to deploy interfaces and experiences across marketing and sales activities that collect consent and preferences and sync them across channels, while at the same time automating the fulfillment of consumer rights requests and the maintenance of historical consent records from a single portal. In addition to scanning mobile apps to detect where data is going, PreferenceChoice surveys websites and generates consent and preference banners, drawing on a database (Cookiepedia) of over 7 million precategorized tracking cookies. It brings in business apps for access, deletion, and portability, integrating a central preference center with detailed consent records.
On the third-party risk side of the equation, there’s OneTrust’s Vendorpedia, which assesses IT and non-IT vendors, direct suppliers, services, legal organizations, franchisees and retailers, agents, and contractors with risk mitigation workflows and ongoing monitoring. It prepopulates security and privacy data on thousands of global vendors in total, each with information at the service and product level, and it lets managers create automated rules to trigger reassessment or receive alerts when enforcement actions occur. Using Vendorpedia, customers can scour contracts, certificates, and documentation for key terms and create audit-ready reports with risk views and interactive dashboards. Additionally, they’re able to link vendors to IT systems and business processes with data inventory and mapping, ultimately adding context to various vendor risks.
Above: OneTrust “readiness” dashboard
OneTrust also automatically responds to incidents and breaches, informed by its ever-growing Databreachpedia global law engine. From within a dashboard, customers can track breach response progress and ensure their team adheres to notification deadlines, or drill down to individual incidents to see additional details. This same dashboard automatically flags risks during incident assessments and investigations, and it recommends mitigation steps based on regulatory guidance from hundreds of privacy laws.
It’s safe to say that compliance management is a red-hot sector, as alluded to earlier. Last year, San Francisco-based TrustArc raised a $70 million round of funding to help companies implement privacy and compliance programs; Privitar nabbed $40 million to better enable businesses to engineer privacy protection into their data projects; and InCountry exited stealth with $7 million in seed funding to help multinationals comply with local data residency regulations. Back in 2018, BigID nabbed $30 million to expand its data privacy management platform for enterprises. And at the end of 2019, LogicGate, which provides a platform that automates processes and compliance tracking, raised $24.75 million to invest in content, frameworks, data partnerships, and integration.
To stay ahead of the competition, in 2020 OneTrust launched Athena, an AI and robotic automation engine built into the OneTrust platform. After acquiring Seattle-based Integris, OneTrust also rolled out new data governance and guidance, ethics, and privacy products; DataDiscovery, a data discovery and classification solution; and free tools to automate GDPR and CCPA compliance programs.
OneTrust, which is co-headquartered in London, with additional offices in Bangalore, San Francisco, New York, Munich, Hong Kong, and Bangkok, has over 1,500 employees globally. It recently expanded to France with a dedicated team of local privacy and marketing experts and a datacenter, shortly after announcing new operations in Brazil with hosting options and support for Brazilian Portuguese and “dozens” of other languages.
OneTrust has raised $710 million in funding to date.