OneTrust
Enterprise privacy, consent, and compliance management platform for regulated organisations
About OneTrust
OneTrust is an Atlanta-headquartered privacy and compliance technology company founded in 2016 that has grown to become the dominant platform in the privacy management space. It is used by more than 14,000 organisations globally, including the majority of Fortune 500 companies, and covers an exceptionally broad set of compliance use cases: consent and preference management, website cookie compliance, data mapping and discovery, vendor due diligence and third-party risk management, data subject access request (DSAR) automation, privacy impact assessments (PIAs/DPIAs), incident response, ethics hotlines, ESG reporting, and — increasingly — AI governance and transparency frameworks.
The OneTrust platform is modular, allowing organisations to deploy individual modules (e.g., Consent Management Platform, Privacy Rights Automation, Vendor Risk Management) independently or as an integrated suite. This modularity makes it suitable for both SMEs implementing basic GDPR compliance and large enterprises managing complex global privacy programmes. The Consent Management Platform (CMP) is the most widely deployed module and powers cookie banners and consent frameworks for millions of websites.
For European organisations subject to GDPR, OneTrust is deeply specialised. It maintains a dedicated GDPR module with pre-built workflows for DPIAs, Records of Processing Activities (RoPA), Article 30 documentation, data breach notification (72-hour clock management), and DPA templating. It also covers national DPA-specific requirements for key EU markets. As of 2025, OneTrust has added AI governance modules covering the EU AI Act requirements — risk classification, transparency documentation, and human oversight tracking.
Despite being a US company, OneTrust has made significant investments in EU data residency. It offers EU-hosted deployments (AWS Frankfurt and Dublin), and its EU customers' data can be configured to remain within the EU. The company holds ISO 27001, ISO 27701, SOC 2 Type II, and CSA STAR certifications, and provides comprehensive DPAs for all customer tiers. SCCs are available and regularly updated to reflect regulatory developments.
Pricing is enterprise-oriented and quote-based. OneTrust does not publish standard pricing, as modules are licensed separately based on organisation size and deployment scope. Typical annual contract values range from tens of thousands for SME deployments to seven figures for global enterprise implementations. A free trial and limited free tier are available for basic website consent management.
For any European organisation with serious GDPR obligations, OneTrust represents the most complete and well-validated compliance tooling option available.
TrustKit Score Breakdown
84% Strong
Pricing
Freemium, free tier, 14-day trial
Frequently Asked Questions
Is OneTrust GDPR compliant?
OneTrust has a TrustKit compliance score of 84% (Strong). Data Residency: EU data residency available and configurable (AWS Frankfurt/Dublin); clearly documented for enterprise customers. Legal Jurisdiction: US Georgia corporation; CLOUD Act applies; strong SCCs and DPAs available; EU hosting mitigates but doesn't eliminate.
Where does OneTrust store data?
OneTrust hosts data in: EU (AWS Frankfurt/Dublin) or US — customer choice. EU data residency available and configurable (AWS Frankfurt/Dublin); clearly documented for enterprise customers.
Does OneTrust train on user data?
OneTrust: Not used for training. No training on customer compliance data; comprehensive DPA; customer-controlled retention policies.
What certifications does OneTrust hold?
OneTrust holds: ISO 27001, ISO 27701, SOC 2 Type II, CSA STAR, GDPR. ISO 27001, ISO 27701, SOC 2 Type II, and CSA STAR — best-in-class certification stack for this category.