In a week that has seen British Airways (BA) and Marriott slapped with provisional fines of $230 million and $123 million over breaches affecting hundreds of millions of consumers, the issue of data and privacy management will likely top many companies’ agendas.
The levies thrown at BA and Marriott are by far the largest to stem from Europe’s new GDPR regulations, which went into effect last year with the aim of tightening data protection laws across the EU and ensuring that sufficient punishments are in place for offenders. With the California Consumer Privacy Act (CCPA) taking effect next January, and a shifting regulatory landscape around data sovereignty and localization globally, opportunities for third parties that help with compliance are on the rise.
One of those companies is OneTrust, a data privacy management compliance platform that was set up to help businesses adhere to the growing array of regulations, including GDPR and CCPA. Today, OneTrust announced its first round of funding since it was founded in 2016 — a gargantuan $200 million series A from Insight Partners that values the startup at a hefty $1.3 billion.
The OneTrust privacy management platform offers a range of tools and services, including a template-based self-assessment tool that enables companies to see where they’re at in terms of compliance with GDPR, Privacy Shield, and more.
The software suite allows them to generate compliance reports for specific privacy regulations and assess their data collection processes.
A core component of the platform is data mapping, which is important for companies looking to better understand how data flows through their organization. A questionnaire template enables companies to collate information about how personal data is being collected — including the purpose, processes, and how it’s stored and transferred.
The platform can also automatically generate diagrams and visualizations to illustrate how data is flowing across continents and countries.
Elsewhere, OneTrust’s platform offers various tools for marketers, including cookie compliance, mobile app compliance, and consent management, and it also provides third-party risk-management and breach response tools.
OneTrust hasn’t garnered many headlines since its launch three years ago, but the Atlanta, Georgia-based company has amassed some 3,000 clients in 100 countries. Clients include Oracle, Criteo, 21st Century Fox, Kickstarter, and Allianz. In the wake of Marriott’s massive data breach last year, the hotel giant enlisted OneTrust to launch an online tool to help customers determine whether their data had been compromised in the hack.
OneTrust told VentureBeat that it has so far been entirely bootstrapped by its management team, including co-chair Alan Dabbiere, who founded Manhattan Associates and AirWatch — the latter with fellow OneTrust chair John Marshall. As it happens, AirWatch also raised $200 million from Insight Partners back in 2013, before it was acquired by VMware for $1.5 billion. OneTrust CEO Kabir Barday was an early employee at AirWatch, where he was heavily involved in the startup’s work around privacy.
“It’s been an exciting three years at OneTrust, with our customers partnering with us to define and build the most widely used technology platform in a completely new market,” said Barday. “This investment will help us to bring a new level of scale and support for our customers, coming at a timely juncture with just six months before California’s CCPA is set to be enforced.”
Data privacy compliance companies are enjoying a surge of interest. The privacy laws being implemented around the world differ in terms of their requirements, but their purpose is the same: to formalize how companies manage and track personal data.
Just yesterday, San Francisco-based TrustArc raised a $70 million round of funding to help companies implement privacy and compliance programs, while last month Privitar nabbed $40 million to better enable businesses to engineer privacy protection into their various data projects. Elsewhere, InCountry recently exited stealth with $7 million in seed funding to help multinationals comply with local data residency regulations, while last year BigID nabbed $30 million to expand its data privacy management platform for enterprises.
In a word, the data privacy protection sphere is hot.
“New privacy regulations, like the CCPA and GDPR, are a direct market reaction to consumer demand for improved data privacy protection,” added Richard Wells, managing director at Insight Partners. “OneTrust’s strategic vision, stellar execution, and product innovation have shaped the company’s leadership in the privacy and compliance space, providing customers with the tools to implement their own best in class privacy, security, and third-party risk programs.”