Companies are always trying to respond to the needs of their customers. But can they sometimes be too responsive?
That’s what we wondered as we researched OneTrust. Founded in 2015, the global company (headquartered in Atlanta and London) got into the privacy software business just as regulations were exploding. First came the EU’s General Data Protection Regulation (GDPR), and then the California Consumer Privacy Act (CCPA). Companies need plenty of help implementing and complying with these and other new laws, and OneTrust has been racing to give it to them.
As we prepared for a briefing from the company’s global marketing professionals, our team of analysts at TAG Cyber read reviews of their products. Among the sites we consulted was G2.com, which asks validated reviewers to discuss both what they like and what they don’t.
The responders found a lot to praise. Several noted that OneTrust is the market leader in this area. And its software was found to be a great help by almost everyone who wrote a review. But several pointed out a paradox.
One reviewer, discussing what he liked, wrote: “They are always adding new items to the product.” For his dislikes, he said: “So many things are added, it is hard to keep up with the latest.” He wasn’t the only reviewer who raised the question: Was this too much of a good thing?
When our briefing began, Ryan Edge, Head of Product Marketing in London, noted that the firm is the fastest growing, best-funded and most widely used platform in this field. He also talked about the company’s “hyperagile development,” which results in new products every three or four weeks, often in response to customer feedback.
We took this as an opportunity to raise the question. Could it be too much?
He didn’t sound surprised. He seemed to be familiar with the reviews we’d seen. The tweaks are necessary, Edge said, because “the market is so dynamic and moving so quickly that we have to be able to respond to that.” The goal is to “minimize the impact” of all the changes, he added.
In fact, he went on, if a feature is pushed out that is not something a client needs or wants, that’s fine. Customers are always in charge, because they have to turn on the feature to make it functional. It’s all explained in the release notes, Edge said.
That reminded us of another complaint we saw—about having to stop to review the notes for each release. “Couldn’t this be done better?” the reviewer wondered. We passed the query to Edge.
Yes it can, he said. And it is. OneTrust now has videos and screen shots that explain new features. And these explanations are often embedded in the platform as popups—there when users need them.
And the choices, he pointed out, are not limited to turning on new features or leaving them off. The proliferation of state data breach notification laws is another example of the rapid changes. All 50 states have their own laws now, and companies may be hard-pressed to keep up.
OneTrust clients can look them up on the platform state by state. The DataGuidance platform is supported by 40 full-time legal researchers and a network of 500 lawyers across 300 jurisdictions. But if clients prefer, the platform will automate the process, allowing them to access relevant laws based on the information they have uploaded about the states in which they do business.
Beyond that, Edge said, the company has expanded the support it now offers, which is available in 100 languages. And it doesn’t end there. OneTrust has an active user community that numbers more than 20,000, buttressed by 125 regional chapters and two global user conferences. There’s also a portal that provides access to a library of articles, forums and recommended best practices.
So, does OneTrust challenge customers with all those new features? Yes it does. But the company listens to what clients say, gives them opt-in choices and provides a wealth of support. And come to think of it, these are the same things that advocates have been praising about those big new privacy laws.