Privacy startup OneTrust reaches $1.3 billion valuation, offering tools for GDPR compliance

Privacy startup OneTrust reaches $1.3 billion valuation, offering tools for GDPR compliance

A privacy startup that helps companies navigate the complexities of the EU’s General Data Protection Regulation (GDPR) reached a $1.3 billion (€1.16 billion) valuation in its first round of funding, an achievement rivaled by few other tech startups, according to Forbes

It’s rare to reach $1 billion in a first round of funding, but after raising $200 million in a Series A funding round, US-based privacy firm OneTrust reached a valuation of $1.3 billion. 

The company was founded three years ago, just months after the EU passed the strict consumer privacy protections that would take effect two years later. CEO Kabir Barday saw an untapped market in helping companies adapt to the sweeping and complex regulations. 

“We’re talking about an operational overhaul in a company’s practices,” Barday told TechCrunch. “That requires the right technology and reach to be able to deliver that at a low cost.”

The EU’s GDPR gives users control over their personal information online, makes companies more accountable for data breaches, and allows for serious penalties in the event of violations. 

Earlier this week, British Airways was issued the largest fine yet under the GDPR, at £183 million. And the regulations would have allowed for a fine twice that size. As a result of the complexity of the regulations and the severity of the consequences, demand for privacy technology is soaring.

The company already has around 3,000 clients in 100 countries, over 100 of which are Fortune 500 companies. The new funding will be used to expand this reach and to develop new technology—they currently has 50 patents filed with another 50 applications pending. 

OneTrust offers privacy management software that manages data collection and issues reports on compliance in various jurisdictions, as well as services to manage other aspects of data security, such as helping companies assess the risks of working with certain third-party vendors. Their platform offers data mapping automation to help clients comply with the ever-growing range of privacy laws in various jurisdictions. The new funding will help boost research and development. 

Barday identified a gap in the market early on, leaving enterprise tech startup AirWatch to work on privacy technology “before anybody was paying attention to it,” he says. 

Since then, not only has the GDPR gone into effect, other countries like Nigeria and Brazil, as well as US states like California, Nevada, and Maine, have passed their own privacy laws, creating a complex patchwork of regulations around the world. 

Image by Pete Linforth from Pixabay