Case Study: Serco achieves a GDPR-ready, automated privacy program with OneTrust

Serco Transforms Their Privacy Program with OneTrust Leading the Way

Serco, an FTSE 250 provider of public services across defense, justice, transport, health and citizen services, faced the challenge of operationalising privacy across many contracts and sensitive data sets while preparing for GDPR. To replace unmanageable Excel processes and scale a cross‑company privacy program, Serco selected OneTrust, deploying products including Data Mapping & Inventory, Assessment Automation and PIA/DPIA automation as core components.

OneTrust’s Data Mapping and Inventory and Assessment Automation tools were implemented to centralise data flows, identify gaps, track remediation and distribute privacy questionnaires to business leaders and Data Protection Champions. The program included GDPR training for more than 400 managers, and OneTrust now touches every Serco contract, helping standardise DPIAs, improve collaboration and measurably scale Serco’s privacy operations.

Serco

Julie Varcoe-Cocks

Head of Ethics, Regulatory and Compliance and DPO