OneTrust automates workflows for organizations seeking to comply with one or several regulatory frameworks worldwide. Channel Insider spoke with Ryan Edge, OneTrust’s director of privacy automation, and Jaymin Desai, its director of tech risk & compliance, to learn more about how the company helps customers approach compliance and how the industry is shaping up for 2025.
OneTrust platform unifies and simplifies complex paths to compliance
The OneTrust platform centralizes and organizes an organization’s data across disparate sources to best utilize that information in various compliance audits. The AI-driven automation and recommendation engine offers insights into potential gaps in compliance. It allows an organization to seamlessly leverage work already done on one framework to complete another. The new Compliance Automation suite promises the following to users:
- Propel teams from research to action: With over 50 out-of-the-box frameworks, Compliance Automation streamlines the learning curve and reduces the burden on high-cost resources, allowing teams to stay ahead of evolving standards and regulations.
- Drive compliance efficiencies: OneTrust’s powerful suite of tools and regulatory guidance allows teams to break down complex requirements into actionable tasks, automate evidence collection and “comply once, comply many” with flexible precision to de-duplicate workstreams with tailored project management and dynamic reporting.
- Streamline tools and processes: Compliance Automation integrates project management and reporting into a cohesive, scalable capability to fast-track audit-readiness for industry and regulatory compliance. Businesses can also take the pain out of demonstrating compliance to customers and partners through our Trust Profile and AI-powered questionnaire response capabilities.
“Regardless of where customers are in terms of maturity, we can meet them where they are at and scale with them into the future,” said Desai.
Part of the maturity model for organizations includes who within a company “owns” compliance. Edge said the more mature organizations widen the conversation to include marketing and sales and legal and security officials. As third-party data privacy regulations shift, the marketing function becomes critical to understanding where and how data is stored and used.
Data privacy: The founding focus of OneTrust
OneTrust is not new to the data privacy conversation. The vendor, launched in 2016, focused on privacy and has seen the regulatory landscape shift and broaden over the last several years.
“Privacy affected everyone post-2018 after GDPR went into effect, but what it looked like in 2018 is different to today,” said Edge. “For a while, it was ‘let’s just check the box and do it,’ basically to create an insurance policy against an issue.”
“Now, organizations are saying, ‘wait, this isn’t just a fine and we move on, this is impacting our ability to do what we want to do and serve our customers,’ and they are acting accordingly,” Desai said.
For OneTrust, this equates to a huge opportunity in the market to address pain points that still exist even as organizations’ approaches to compliance begin to mature.
“The concept of ‘how do I do compliance change management into the future’ is definitely one that businesses are thinking through now more than ever,” Edge said.
The automation and AI investments OneTrust has made within the platform aim to help with that change management. By automatically flagging new laws, changing regulations, and identifying different approaches a business might have to take, the platform cuts down on administrative research and, according to Edge and Desai, opens up more time for strategic conversations around compliance goals.
GenAI automates work and complicates compliance goals
Of course, OneTrust, like many other tech companies worldwide, sees GenAI as an opportunity not just for better tech but for a new use case for the platform entirely. As the European Union enacts the European AI Act, organizations might need a platform like OneTrust to ensure their AI use is compliant.
Edge said AI adoption and implementation is, at its core, a “data problem,” given the fact that any successful AI model will require deliberate organizing and classifying of internal and third-party data sources.
That said, Edge and Desai both also see GenAI tools as a massive opportunity to automate internal processes for organizations focused on compliance broadly.
“I do think compliance is one of those areas where there is a huge opportunity to use GenAI and large language models for automation and efficiency,” Edge said.
There are many compliance frameworks MSPs and their clients might need to understand. Learn more about the similarities and differences between NIST 800-171 and CMMC.