International - OneTrust Privacy Governance Framework

August 2019


The OneTrust Privacy Governance Framework provides companies with the building blocks of a comprehensive privacy program. Companies can use this framework as a blueprint to start a new program or as a reference to look for areas to increase accountability in an existing program. The framework was published on 23 July 2018.

The OneTrust Privacy Governance Framework consists of ten pillars which align to nine key data privacy regulations, standards, and guidance. The goal of this framework is to summarize the recurrent and common elements from these regulations, standards, and guidance. Through the summarization, OneTrust is able to identify the foundations of a privacy governance program that organisations could follow to build an accountable privacy program. Those foundations are presented in the form of ten pillars in the OneTrust Privacy Governance Framework. Each pillar is accompanied by sub-elements with corresponding questions, allowing organizations to understand what needs to be created or added to have a comprehensive privacy program.

The nine regulations, standards, and guidance are:

The ten pillars are:

  1. Privacy leadership
  2. Policies and processes
  3. Privacy by design and by default
  4. Training and awareness
  5. Demonstrate compliance
  6. Individuals' rights
  7. Security
  8. Privacy control and risk management
  9. Incident response
  10. Enforcement and redress

More details about the ten pillars and their implementation checklist can be found in the OneTrust Governance Framework whitepaper.