OneTrust Secures $300 Million Series C Funding at a $5.1 Billion Valuation led by TCV

ATLANTA, Dec. 21, 2020 /PRNewswire/ — OneTrust, the largest and most widely used privacy, security, and data governance technology platform, today announced a $300 million Series C funding round. The funding values OneTrust, founded in 2016, at $5.1 billion and brings the company’s total money raised in the last 18 months to $710 million. TCV signed on as a new investor and led the round, joined by OneTrust’s existing investors, including Insight Partners and Coatue.

Watch the video: Kabir Barday, CEO and Blake Brannon, CTO, discuss OneTrust’s growth to a $5.1 billion-valued leader in privacy, security, and governance

OneTrust’s technology sits as the epicenter of trust for organizations, enabling strong privacy, security, data governance, and ethics and compliance practices that underpin their digital transformation. As organizations strive for increasing levels of efficiency and agility in their transformation journey, they are looking for a platform approach to managing privacy, security, and governance requirements across an increasingly complex regulatory environment.

Today, 7,500 organizations, including more than half of the Fortune 500, use OneTrust’s technology to comply with the world’s privacy, security, and compliance requirements, including GDPR, CCPA, LGPD, ISO 27001, NIST, DOJ Guidelines, and hundreds of other laws and frameworks. The list of regulations an organization must comply with continues to rise. In 2020, sweeping privacy laws came into effect in California, Brazil, and others, and Gartner predicts 65% of the world’s population will be covered under modern privacy regulations by 2023, compared to just 10% today.

OneTrust has pioneered a true platform approach to trust with its modular products that are built on a single code-base and have been awarded 130 patents. Product offerings include:

  • OneTrust Privacy – Privacy Management Software 
  • OneTrust DataDiscovery™ – AI-Powered Discovery and Classification 
  • OneTrust DataGovernance™ – Data Intelligence Software
  • OneTrust Vendorpedia™ – Third-Party Risk Exchange 
  • OneTrust GRC – Integrated Risk Management Software 
  • OneTrust Ethics – Ethics and Compliance Software 
  • OneTrust PreferenceChoice™ – Consent and Preference Management Software 

In less than 18 months, OneTrust raised $710 million in funding. Since its founding in 2016, OneTrust has grown to the largest and most widely used privacy, security, and governance technology and achieved the #1 spot on the 2020 Inc. 500 list of fastest-growing private companies.

“OneTrust is leading the market outright and showing no signs of slowing down or stopping,” said Ryan O’Leary, senior research analyst, Legal, Risk, and Compliance at IDC in the report: Market Share Worldwide Data Privacy Management Software Market Shares, 2019: OneTrust Dominates the Competition. Other key analyst recognition includes:

“Our mission is to build the technology platform that creates the trust fabric of an organization, while addressing the hundreds of privacy, security, and compliance requirements they are faced with today,” said Kabir Barday, OneTrust CEO and Fellow of Information Privacy. “We were excited when TCV approached us for an investment. Even with most of our previously raised funds still available, their partnership allows us to further accelerate our mission, leverage our capital and currency to drive organic and inorganic growth, and deliver for our customers and partners long term.”

“Consumers and regulators are demanding that every company on the planet comply with complex and ever evolving privacy regulations,” said Tim McAdam, General Partner at TCV. “There are hundreds of regulatory initiatives in the works emanating from all major countries. OneTrust has emerged as the runaway SaaS leader in the trust and privacy arena. Kabir and his team have built the only truly global privacy platform allowing companies at any stage or size to own their privacy initiatives and remain compliant. TCV is honored to partner with such a rapidly growing and category-defining company led by an outstanding team of innovators.”

For information or to request a demo, visit OneTrust.com

OneTrust, OneTrust DataDiscovery, OneTrust DataGovernance, and OneTrust PreferenceChoice are registered trademarks or trademarks of OneTrust LLC or its subsidiaries in the United States and other jurisdictions.

About OneTrust
OneTrust is the #1 fastest growing and most widely used technology platform to help organizations be more trusted, and operationalize privacy, security, data governance, and ethics and compliance programs. More than 7,500 customers, including half of the Fortune 500, use OneTrust to build integrated programs that comply with the GDPR, CCPA, LGPD, ISO 27001, NIST, DOJ Guidelines, and hundreds of other laws and frameworks.

The OneTrust platform is powered by the OneTrust Athena™ AI and robotic automation engine, and our offerings include:  

  • OneTrust Privacy – Privacy Management Software 
  • OneTrust DataDiscovery™ – AI-Powered Discovery and Classification 
  • OneTrust DataGovernance™ – Data Intelligence Software
  • OneTrust Vendorpedia™ – Third-Party Risk Exchange 
  • OneTrust GRC – Integrated Risk Management Software 
  • OneTrust Ethics – Ethics and Compliance Software 
  • OneTrust PreferenceChoice™ – Consent and Preference Management Software 

Be a More Trusted Organization™. To learn more, visit OneTrust.com or connect on LinkedIn and Twitter

About TCV
Founded in 1995, TCV provides capital to growth-stage private and public companies in the technology industry. TCV has invested over $14 billion in leading technology companies and has helped guide CEOs through more than 125 IPOs and strategic acquisitions.

TCV’s software investments include Alarm.com, Altiris, Ariba, Avalara, ExactTarget, ETQ, FinancialForce, Genesys, IQMS, OSIsoft, Oversight, Silver Peak, Sitecore, SMT, Splunk, Vectra, and many more. TCV is headquartered in Menlo Park, California, with offices in New York and London. For more information about TCV, including a complete list of TCV investments, please visit http://www.tcv.com.

1IDC, Worldwide Data Privacy Management Software Market Shares, 2019: OneTrust Dominates the Competition, Doc # US46214219, April 2020

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Media Contacts
Gabrielle Ferree, OneTrust
+1 770-294-4668
media@onetrust.com

Katja Gagen, TCV
+1 415 690 6689
kgagen@tcv.com

SOURCE OneTrust


At the Cutting Edge of the Governance Risk and Compliance (GRC) Sector – Leveraging Compliance Data to Drive Business Value

By Nari Ansari and Gal Peleg

Compliance seems to divide enterprises into three categories: those that primarily publicize it as proof of “good governance,” those that actually push the boundaries far enough to bring consequences, and everyone else with their heads down, trying to address whatever regulatory standards govern their industry and the seemingly ever-changing nature of those standards.

Now a fourth group is emerging, charting their own course. These enterprises are turning compliance to their advantage by mining compliance data for digital gold: insights that increase efficiency and competitive advantage. Like the governance crowd, they have automated many compliance functions with emerging software solutions. They are looking at the resulting data with fresh eyes and using it to improve their businesses.

More Regulation…

Most people think of compliance in terms of rules and regulations imposed by lawmakers and other governing bodies, for good reason: there is a proliferation not just of new regulations but of whole new regulatory frameworks such as Dodd-Frank and GDPR. Even long-time frameworks such as SOX, HIPAA, and FCPA continue to evolve. Yet at the same time, many enterprises are setting rules of their own to address an increasingly complex environment that includes global supply chains, cybercrime, trade wars, Brexit, and other evolving risks.

In the end, it doesn’t matter where the rules come from: compliance, and the documentation that comes along with it, is essential for managing risks and maintaining brand reputation. The roster of damaged brands from just the past few years illustrates what can happen when risk and compliance management break down.

Until recently, enterprises managed compliance risks with home-grown, often siloed and disparate initiatives that focused on people and processes. The components included manual record-keeping, time-consuming audits, constant training, ever-lengthier supplier questionnaires, C-level compliance positions, and board-level reporting. The reams of information gathered and presented were considered useful mainly for answering a simple question: Are we compliant or not?

Then a new question arose: Can we at least automate and digitize risk and compliance data, like we have done with so many other processes? The answer to that question is clear: We can, thanks to a growing community of companies providing governance, risk, and compliance (GRC) technology solutions that automate the process of collecting, aggregating, analyzing, and presenting relevant data while reducing their costs to the organization.

…Meets Smarter Compliance

We believe that just as homegrown compliance structures created the opportunity for digitization, a critical mass of companies are now positioned for a new opportunity that may eclipse the earlier one. Data that was once viewed merely as fuel for the compliance machine can now be considered a strategic output in its own right, with value to the business beyond compliance.

Whether it’s a bank mining Know Your Customer data to pitch targeted travel insurance to its customers or a CPG manufacturer analyzing complaint data from the Consumer Financial Protection Bureau to improve its manufacturing methods, we see an opportunity for companies to extract incremental, “offensive” business insight from large risk, compliance, and regulatory data sets.

Why Now?

This opportunity represents a convergence of what may seem unrelated factors. But let’s remember that in a globalized, highly competitive economy there are few trends that arise in isolation.

The first trend we note is a dramatic change in the people sitting in the chief compliance officer (CCO) chair. Russell Reynolds Associates analyzed the career backgrounds of 72 CCOs in banking, insurance and asset management and reported that “gone are the days of principally legal and compliance executives nabbing the top job in the compliance function.” So who’s getting the job instead? According to the report, it’s “broader-focused appointees from consulting, risk and audit. This new breed of appointees would be well-positioned to contextualize compliance (and the associated cultural change) in the wider picture of the organization.” In other words, compliance executive leadership is not just for lawyers and specialists – it’s for multidisciplinary executives who are as fluent with brand value and enterprise risk as they are with the P&L and operations.

The second trend we note is increased use of AI/ML. The transportation sector is a leading example, in part because it is heavily regulated. Shipping companies, notably UPS, now place dozens of monitors on their vehicles for compliance with internal and regulatory rules – and then apply AI to the monitor data to optimize delivery routes and driver behaviors in ways that squeeze out fuel costs and improve customer satisfaction. Fleet operators are further served by solutions from the likes of Keep Truckin, Samsara, and Geotab, which help improve driver safety and increase the precision of preventive maintenance.

The third trend is the evolving consumer privacy landscape. Ironically, more robust data protection and security regulations such as GDPR can actually serve to enhance business value by increasing the trust between companies and their customers. In its January 2018 report, “How GDPR is an Opportunity to Create Business Value”, Gartner notes that “handled effectively, there is great potential to obtain consent to increase data access, use, and sharing rights — aligned with goals of a wider organizational data and analytics strategy. This can help drive competitive advantage, while also helping to achieve compliance in other countries and regions.”

Examples of Leveraging Risk & Compliance Data to Drive Business Value

These are examples of companies that are helping advance the use of risk and compliance data for improving everything from customer experiences to supply chain performance to more effective emergency response:

  • Avetta’s customers use Avetta to certify compliance quality of its suppliers (green flag, yellow flag, red flag) and then mine the data to identify which suppliers are best trained and best equipped for certain on-site jobs.
  • Higher education institutions have long collected data to achieve and maintain external accreditation. Watermark Insights helps universities and colleges not only collect, digitize, and report on that data to demonstrate effectiveness, but also to use it to inform curricular changes and improve student outcomes. 
  • AxiomSL’s financial services clients utilize its data integrity and control platform and its risk calculation and reporting solutions to satisfy regulatory requirements across the globe systematically.  With trusted data, banks are now also able to identify opportunities to fine-tune capital/credit risk and deliver compelling business insights across the enterprise.
  • Global Trade Management solutions from the likes of Descartes and Amber Road (now a part of E2OPEN) have long been used to satisfy mandatory export compliance obligations (e.g. restricted party screenings) and to remain abreast of regional duty programs and tariffs. But by marrying these regulatory datasets with companies’ more “traditional” supply chain data (such as bill of materials and transportation fees), clients are now able to more accurately forecast true landed costs (the total price of the shipment including customs, duties, taxes, tariffs, etc.), all the while minimizing risks and delays.
  • Rave Mobile Safety enables schools to automate collection of and access to critical facility information (e.g., floor plans, alarm information), which they need to remain compliant with fire department ordinances – and it also provide 911 dispatchers and first responders better real-time capabilities when emergencies arise.
  • Information governance and eDiscovery vendor Nuix is well known for its deep technical capabilities in high speed processing and analytics around vast data sets, typically in the context of litigation and investigations.  But enterprise clients are also able to leverage the platform to create “data lakes”, making data more accessible for re-use in future investigations, litigations and data management programs, helping reduce costs.
  • Biopharma companies rely on software from ETQ for much more than compliance with FDA requirements; they also leverage the data to mitigate and prevent high-risk events, scale operations more effectively, and streamline their go-to-market activities.

There are many other examples of organizations across industries utilizing technology from GRC vendors to not only achieve their risk and compliance objectives, but also advance their strategic objectives.  The trend is still very much in its early days, but it provides an exciting avenue for continued growth in the sector.  As an experienced technology focused growth equity firm, TCV is committed to investing in the category innovators in the GRC space and has invested in such companies as Avalara, AxiomSL, Avetta, LegalZoom, Rave Mobile Safety, RiskMetrics Group, and Watermark Insights. 

***

The statements, views, and opinions expressed are those of the speakers and do not necessarily reflect those of TCMI, Inc. or its affiliates (“TCV”). TCV has not verified the accuracy of any statements by the speakers and disclaims any responsibility therefor. This interview is not an offer to sell or the solicitation of an offer to purchase an interest in any private fund managed or sponsored by TCV or any of the securities of any company discussed. The TCV portfolio companies identified, if any, are not necessarily representative of all TCV investments and no assumption should be made that the investments identified were or will be profitable. For a complete list of TCV investments, please visit www.tcv.com/all-companies. For additional important disclaimers, please see “Informational Purposes Only” in the Terms of Use for TCV’s website, available at http://www.tcv.com/terms-of-use/.