How Fortive tamed a complex compliance challenge with DPG's help

Creating a global multi-company cookie consent framework gave this industrial technology company something to chew on.

How Fortive tamed a complex compliance challenge with DPG's help

Creating a global multi-company cookie consent framework gave this industrial technology company something to chew on.

Elevating an already high compliance bar

Managing privacy and compliance is difficult enough when you’re controlling one company. When you’re managing20, the challenges become practically impossible. This was the problem facing industrial technology company Fortive, which called upon specialist The DataPrivacy Group for help.

Fortive is a large industrial technology company listed on the S&P 500. It controls over 20 companies with more than 17,000 employees, in businesses ranging from precision instrumentation through to advanced healthcare solutions. Named as one of the world’s most admired companies by Fortune in 2020, the company counts integrity and compliance as one of its core values.

This makes adherence to regulatory controls more than a box to be ticked atFortive. The company sets itself a high compliance bar. In fact, as assistant general counsel for privacy and data protection William Karazsia explains, there isn’t just one bar.

“We are one company with around 20 other companies underneath it,” he says. Whenever the parent company wants to build out a legal program, it must implement it across all of the operating companies.” Getting it right once is hard enough, but then you have to get it right again and again,” he continues.

Why work with us?

Fortive needed a system that would bring more cohesion to its privacy and compliance program. This would allow it to maintain its high levels of integrity and compliance in the face of rapidly evolving complex regulations that vary on a regional basis.

Cookie consent was one such thorny legal problem facing Fortive. Different countries have their own rules around collecting these small files, which relay information about website visitors and the devices they use.

“A company like Fortive could very easily find itself out of compliance with the cookie laws applied to websites globally,” Karazsia explains. “Every country has its own particular cookie requirements and then the task becomes understanding what your current state is before you go in and try to remediate it.” 

The key issue with Cookie Consent is how it impacts a business’s abilities to collect analytics data. Data that is integral to customer experience and pipeline growth. 

When cookie compliance was first initiated, two Fortive companies experienced a 20%to 50% drop in traffic. The Data Privacy Group designed the framework and messaging to engage with users to get their consent. Within days the analytics were within 97% of the levels prior to the initial implementation. 

One compliance system to bind them all

Fortive turned to the Data Privacy Group for help with its compliance and privacy challenges. It is an outsourced data privacy practice, formed to help companies grappling with diverse and complex privacy and compliance issues privacy technology and consulting company worked with Fortive to create a robust privacy system of record. It could then use this to create and control privacy and compliance programs for all of its companies from a single point.

DPG based this system on OneTrust, a privacy, security, and data governance system that enables companies to control all of these operations through a unified set of workflows. It’s a one-stop platform for formalizing and automating privacy, risk, and compliance controls.

DPG’s president and CEO Peter Borner has a long history of senior executive roles at companies ranging from Sony to British Telecom. Along with executive vice president and director of professional services Iain Borner, he has helped to steer over 100companies in 90 countries through privacy programs.

DPG came to Fortive with an instant understanding of its parent and operating company model, along with all the privacy and regulatory implications that carried. The two companies worked together closely on a OneTrust implementation that spanned Fortive’s global operations across over 50 countries.

The system gave Karazsia the privacy and compliance controls he needed over Fortive’s entire complex organizational structure. “It gives me a one view over the entire privacy and compliance footprint, globally,” he says. “It gives me the ability to launch workflows and to make sure that if there’s a deadline on something, it’s not missed.”

The system also helps him to measure key performance indicators, ensuring that all of those companies meet their risk and compliance targets. It takes much of the reporting work off his desk using a series of visual dashboards that aggregate the necessary information while allowing executives to drill down for further information where needed.

Digesting Cookie Consent

The OneTrust implementation gave Fortive the technical platform that it needed to tackle its global cookie consent challenge. It wanted a consent program that would allow each company to give its customers granular control over which cookies they allowed it to use.

DPG’s cookie compliance service accommodates regional differences in consent regulation. It is geographically aware so that it knows where each website visitor is located. This enables Fortive to deliver the correct cookie consent options for that jurisdiction. By using OneTrust as a platform, compliance staff can easily view audit trails for consent through intuitive visual dashboards.

The system also evolves as clients change their websites. If the company’s development team creates a new cookie, the system will recognize it and automatically update its cookie notices to stay compliant.

The implementation set Karazsia’s mind at rest. “A lot of times, companies that find themselves deeply out of compliance not only have an issue with the compliance problem itself, but they are over-collecting data,” he explains. Giving customers more control over their digital footprint on its website enables companies like Fortive to collect only the personal data that it needed, or to which they granted access.

Building a privacy platform to cope with future challenges

The ability to restrict data collection is a key factor in new wide-ranging privacy laws that are affecting business on both sides of the Atlantic. Europe’s General DataProtection Legislation (GDPR), California’s Consumer Protection Act (CCPA), and Brazil’s similar Lei Geral de Proteção de Dados (LGPD) all implement tough new controls that will change the way companies like Fortive engage with their clients.

DPG’s OneTrust implementation has created a robust platform for Fortive to handle this emerging and future legislation, Karazsia says. A fast and smooth implementation left the industrial technologies company with a solid foundation for future privacy and compliance developments.

“We were impressed at how quickly we got the job done with DPG, and impressed at the documentation and the artefacts that the team left behind,” Karazsia concludes. As regulatory developments continue to present this global company with new challenges it will be ready for anything.

Work with the world-leading OneTrust specialists

• We have implemented OneTrust in more than 400 companies in over 94 countries

• We’ve delivered more than 100 GDPR, CCPA and LGPD programs worldwide in 28 languages

• Our Fellows of OneTrust Privacy Technology are accredited experts in all OneTrust modules

• Our OneTrust client retention rate is 100% and we are recommended by global industry analysts

• We have developed templated forms, workflows, assessments and OneTrust solutions that can be deployed to fast track your journey to compliance and minimise your time to value

Speak to a OneTrust Hero

    Privacy Notice
    You can learn more about how we handle your personal data and your rights by reviewing our privacy notice.

    Privacy Notice
    You can learn more about how we handle your personal data and your rights by reviewing our privacy notice.