OneTrust

OneTrust is an Atlanta-founded privacy, data-governance, and GRC platform. Kabir Barday started it in 2016 as GDPR compliance moved from policy debate to delivery deadline. It is horizontal software, sold across every regulated industry — insurance carriers are one customer segment, not the design center.

What it covers. One SaaS stack spans privacy management (data mapping, DSAR fulfillment, consent and preference management), third-party risk, GRC, and — since the shift toward AI regulation — AI governance. The bundling matters: most insurance buyers arrive for privacy and end up consolidating vendor risk and AI governance on the same platform.

Analyst posture. OneTrust is a Leader in the 2025 IDC MarketScape for Worldwide Data Privacy Compliance Software (November 2025) and a Leader in the 2025 IDC MarketScape for Worldwide GRC Software (June 2025). IDC's 2022 market-share report ranked OneTrust #1 in data privacy management software for the fourth consecutive year at 30% share — roughly twice the nearest competitor. Gartner named OneTrust a Leader in the 2026 Magic Quadrant for Third-Party Risk Management Tools for Assurance Leaders and recognized it in the 2025 Gartner Market Report for AI Governance Platforms.

Insurance customers that are publicly named. Sara Assicurazioni (Italy, founded 1946) went live in 2022 for cybersecurity risk and has since expanded into privacy, regulatory compliance under Italian laws 231 and 262, and DORA-aligned third-party oversight. Allianz Group used OneTrust's privacy management software to scale its global GDPR program and won the 2017 HPE-IAPP Privacy Innovation Award. These are enterprise privacy and risk deployments, not insurance-line workflows — OneTrust does not price, underwrite, or adjudicate claims.

Ownership. Privately held, venture-backed. Insight Partners led the $200M Series A in 2019 at a $1.3B valuation and participated in subsequent rounds. Coatue co-led the $210M Series B ($2.7B valuation); TCV led the December 2020 $300M Series C ($5.1B valuation). Generation Investment Management led a $150M round in July 2023 that put the post-money valuation at $4.5B with cumulative funding above $1B. In November 2025, The Information reported active discussions with multiple private-equity buyers — Marlin, Vista, Thoma Bravo, Blackstone, KKR, Silver Lake — at a rumored deal size north of $10B. As of the last verified date, OneTrust remains independent and VC-backed; a PE exit would reclassify it.

Action taxonomy. None of Phidea's current insurance action slugs — claims triage, FNOL intake, damage estimation, underwriting document extraction, catastrophe risk modeling, the rest — maps to what OneTrust does. Consent management, data subject access requests, vendor risk questionnaires, and AI model inventories live upstream of insurance operations and horizontally across the enterprise. The `actions` field is left empty rather than forced into a bad fit. If Phidea adds a `privacy-and-grc` or `ai-governance` action, OneTrust belongs there.