OneTrust
OneTrust is an enterprise software company that provides a unified platform for privacy, security, data governance, ethics, and compliance operations.
- Centralized platform for privacy program management and regulatory compliance
- Security and trust management workflows for third-party risk and internal controls
- Data governance and data discovery for structured and unstructured data estates
- Consent, preference, and cookie management across digital channels
- Ethics, compliance, and Environmental Social and Governance (ESG) program management for corporate governance teams
More About OneTrust
OneTrust provides an integrated software platform used by enterprises to manage privacy, security, data governance, ethics, and compliance functions across complex technology environments. Its offerings are positioned as a System of Record (SOR) and workflow engine for legal, security, data, and risk teams that need to operationalize regulatory requirements and internal policies across multiple business units and geographies.
The OneTrust platform typically connects to a wide range of enterprise systems, including customer-facing web properties, Software-as-a-Service (SaaS) applications, data warehouses, cloud infrastructure, and internal business applications. Through these integrations, organizations can automate data discovery, cataloging, and classification, support subject rights requests, and manage data processing activities. The platform is commonly used in contexts involving privacy regulations such as General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and related local frameworks, as well as broader security, risk, and governance standards.
In the privacy and consent management area (privacy management, consent and preference management), OneTrust enables enterprises to deploy cookie banners, consent collection interfaces, and preference centers across websites and mobile apps. These capabilities integrate with tag managers, content management systems, and marketing platforms to enforce user choices about tracking and communications. The tooling supports policy generation, assessment workflows, and reporting aligned to regulatory expectations for transparency and consent.
For security and third-party risk (governance, risk, and compliance), OneTrust provides modules that help organizations inventory vendors, assess third-party risk, and track contractual and security obligations. These features support questionnaire workflows, issue tracking, and remediation activities. In many environments, these capabilities complement existing security tools by focusing on governance, documentation, and cross-team coordination rather than network or endpoint protection.
Within data governance (data governance and discovery), OneTrust includes data mapping, discovery, and classification functions that tie data assets to business processes and regulatory requirements. These functions often rely on connectors to databases, data lakes, and SaaS applications, and can integrate with broader data management stacks. The objective is to provide visibility into where personal and sensitive data resides, how it flows, and which policies apply.
Ethics, compliance, and ESG modules (ethics and compliance management) give organizations a way to manage codes of conduct, policy attestations, whistleblowing hotlines, disclosures, and ESG reporting workflows. These capabilities are used by compliance, HR, and sustainability teams to centralize case intake, investigations, and training records and to align corporate programs with internal standards and external regulations.
Across these solution areas, OneTrust positions its platform for directory categories such as Governance, Risk, and Compliance (GRC), privacy management, consent and preference management, data governance and discovery, Third-Party Risk Management (TPRM), ethics and compliance management, and ESG program management. The software is typically deployed as a cloud-based service and is integrated into existing enterprise identity, security, and data architectures.