OneTrust has strengthened its position as an innovator in the nascent market for solutions that can help organizations facing compliance problems caused by the EU General Data Protection Regulation (GDPR). The company has announced a solution partnership with RSA, in which interoperability has been established between the OneTrust Enterprise Privacy Management Software Platform and RSA Archer GRC Platform.
Welcome news for organizations affected by GDPR
Via the combination of the partners' solutions, customers will be able to operate use cases available in the well-established and functionally extensive RSA Archer GRC Platform, together with use cases within the OneTrust Enterprise Privacy Management Software Platform, to have a central and consolidated view of GDPR-related risk across the organization. OneTrust's solution comprises four key functional areas that support many of the requirements imposed on privacy officers by the GDPR and other privacy-related legislation. The solutions together aim automation, workflow, and recordkeeping capabilities at many of the operational requirements that arise from the GDPR, including demonstrating accountability, implementing data protection by design and default, data protection impact assessments (DPIA), policy management, data mapping and records of processing activities, subject rights and consent management, vendor risk management, incident and breach reporting, and ePrivacy cookie compliance.
OneTrust had already established a strong position, early in the growth of a solution market aiming to meet the urgent requirements to support privacy officer roles in organizations of all types that are affected by privacy-related legislation such as the GDPR. The company has a highly experienced management team that has established strong links with rapidly growing privacy communities in many parts of the world, and it has developed partnerships with a number of leading solutions and services providers. Nonetheless, the newly announced tie-up with RSA marks a significant step forward for both companies, as well as for many potential customers, who have just more than 12 months to address compliance before the GDPR comes into force in May 2018. Ovum believes that solutions providers in general are in danger of being seen as "late to the table" in their responses to enterprises' GDPR-related requirements, and it is encouraging to see this partnership addressing market needs in a more timely way.
The EU's General Data Protection Regulation,TE0007-001037 (August 2016)
EU's General Data Protection Regulation (GDPR) to have Greater Impacts on Enterprises,IT0018-001525 (April 2017)
Data Privacy Legislation Impact on Enterprises,IT0018-001493 (April 2016)
"On the Radar: OneTrust's Privacy Management Software Platform aids compliance with data privacy regulations," IT0018-001520 (January 2017)
"The EU’s new GDPR is a necessary step, but its practical implementation will be problematic," TE0007-000966 (December 2015)
"New EU data protection regulation limits businesses relying on automated profiling," TE0007-001081 (November 2016)
"Regulatory changes are among the many Brexit-related headaches to come," IT0018-001499 (June 2016)
Alan Rodger, Senior Analyst, Infrastructure Solutions