Case Study: Drax Group achieves centralized privacy visibility and scalable DSAR automation with OneTrust

Drax Power Privacy with OneTrust

Drax, a large UK-headquartered energy company operating across the UK, Canada and the US, needed better ways to protect and manage personal data for its ~200k customers and 3,400 employees while meeting GDPR, PIPEDA and other regional rules. The privacy team sought visibility of what data they hold, where it’s stored, who can access it, incident preparedness, scalability for high volumes of requests, and tighter cross-team collaboration — and selected OneTrust to deliver those capabilities.

OneTrust deployed multiple modules (Assessment Automation, Data Mapping, DSAR, Vendor Risk Management, Incident Response, Cookie Compliance and Awareness Training) and integrated with ServiceNow and Power BI. The Data Mapping module automates population of the asset register, reducing manual work and limiting access needs; the DSAR module now handles subject access plus law-enforcement requests, COVID reporting, employee monitoring and FOI tasks; and Cookie Compliance was rolled out across 12 domains. As a result, OneTrust centralized Drax’s privacy management, increased accuracy, saved time, improved security and provided dashboards used by governance bodies to drive targeted training and response.

Drax

Florence Ampofo-Anim

Data Protection Manager