OneTrust Simplifies GDPR Compliance for Marketers
LONDON, March 6, 2018
OneTrust, a global leader in enterprise privacy management software that supports compliance with data privacy regulations – including the EU General Data Protection Regulation (GDPR) and ePrivacy Directive – today announces the availability of a Universal Consent and Preference Management solution.
Under the GDPR, consent is one of six legal grounds that marketers can rely on to process personal data. Given the stringent criteria required for valid consent under GDPR, collecting proper consent in practice will be challenging. However, driven by the proposed text of a new ePrivacy Regulation, which would make consent the sole legal basis for processing in most marketing scenarios, paired with public statements made by various European regulators encouraging consent, many organisations are moving towards implementing a consent-based GDPR compliance strategy for marketing activities.
Consent has very specific requirements in GDPR that organisations must be mindful of if they are selecting it as the legal basis for processing. For consent to be valid, it must be freely given, specific, informed and unambiguous, and given with a clear affirmative action. As organisations collect personal data on web forms, mobile apps, paper forms, phone calls, emails, and more, the task of managing the validity of all consent interactions becomes increasingly complex. Additionally, in GDPR, the burden falls on the controller organisation to prove the consent is valid, which requires consent records to be maintained to show who consented, when they consented, how they consented, and what they were told at the time. Maintaining an accurate audit trail of valid consent is becoming increasingly important and difficult, specifically within marketing departments.
OneTrust’s Universal Consent and Preference Management tool simplifies these challenges, and helps organisations collect valid consent. OneTrust serves as the central consent database, adaptable to different consent models, jurisdictions, frameworks, and sectors.
OneTrust integrates into an organisation’s existing marketing and IT technologies to manage the entire consent lifecycle, from collection to withdrawal.
– Integrate OneTrust into existing consent collection points, including web forms, mobile apps, emails, support calls, and paper forms, to collect and generate a record of valid consent
– Enable data subjects with greater visibility and control over marketing communication settings with a tailorable preference centre
– Centralise consent records to demonstrate compliance, and enable high-level executive dashboards, or granular reporting for internal or regulatory audits
– Use the OneTrust REST API, SDK, and data feeds to sync consent and preference settings with your existing marketing technologies, such as Customer Relationship Management (CRM), Marketing Automation Platforms (MAP), Content Management Systems (CMS), Data Warehouses, and Identity Management applications
The Universal Consent and Preference Management solution is a critical component of the OneTrust Marketing and Web Compliance product suite, which also includes solutions for Cookie Compliance and Website Scanning, Data Subject Rights, and Policy and Notice Management. The solutions are fully integrated into the OneTrust Privacy Management Software platform, one of the world’s most prevalent technologies to support and implement a comprehensive privacy programme.
“Establishing and documenting the validity of consent is among the most widely discussed topics for marketers ahead the impending overhaul of EU privacy laws,” said OneTrust CEO and Fellow of Information Privacy (FIP), Kabir Barday. “OneTrust’s ability to deliver innovative solutions that address specific needs for marketers demonstrates our commitment to simplifying compliance throughout the entirety of an organisation. As more guidance becomes available, OneTrust will continue developing features and solutions to operationalise privacy processes.”
OneTrust’s privacy management software is used by more than 1,500 organisations to comply with data privacy regulations across sectors and jurisdictions, including the EU GDPR and ePrivacy (Cookie Law).
The multi-lingual software is deployed in an EU cloud or on-premise, and is based on a combination of intelligent scanning, regulator guidance-based questionnaires, and automated workflows used together to automatically generate the record keeping required for an organisation to demonstrate compliance to regulators and auditors.
OneTrust helps organisations implement GDPR requirements, including: Data Protection by Design (PbD), Data Protection Impact Assessments (PIA / DPIA), Vendor Risk Management, Incident and Breach Management, Records of Processing (Data Mapping), Universal Consent and Preference Management, ePrivacy Cookie Consent, Data Subject Access, Portability, and Right to Be Forgotten.