Field Notes from FLLR: TrustWeek NYC Recap
A newsletter on the latest in privacy tech from FLLR Consulting
What TrustWeek NYC Means for Your Privacy Program (and what to expect moving forward)
Nik Fuller, CEO, FLLR Consulting. Email: [email protected]
Dan Harms, Managing Partner, FLLR Consulting. Email: [email protected]
We got back from TrustWeek NYC earlier this month - check out some photos and the incredible KBBQ we ate. Highly recommend Grace Street for a sweet treat, very yum.
Photos: At our booth | KBBQ | Grace Street
But let's talk business.
With TrustWeek San Francisco happening next Tuesday, we wanted to share our detailed analysis from NYC. Privacy technology just took a significant leap forward, and the implications for enterprise programs are substantial.
Here's what privacy and compliance leaders need to understand about the platform evolution and its practical application.
The 3 Capabilities That Will Define Privacy Operations in 2025
1. Rethinking Privacy Operations with AI Agents
The Platform Update: AI Agents that pull context from enterprise collaboration tools to auto-complete privacy assessments.
FLLR's Analysis: Many enterprises face constant pressure to reduce OPEX budgets while managing increasingly complex compliance requirements. With 500+ restructuring events in tech alone this year, teams are being asked to do more with less. Meanwhile, 20 active state privacy laws with multiple amendments in flight create expanding obligations.
It's not uncommon for large, global enterprises to spend six figures annually (sometimes significantly more) on outsourcing PIA, DPIA and AI Risk Assessment reviews. High volumes combined with stagnant or decreasing internal headcount limit approval velocity, creating two critical problems: expanding compliance risk from oversights and delayed time to market for products and services.
Implementation Requirements: These agents will conservatively reduce contractor spend by 20-30% while freeing internal teams for strategic initiatives. However, enabling these features without proper configuration will only capture a fraction of the potential value.
Success requires:
- Custom training on your specific regulatory interpretations
- Configuration for your risk tolerance levels
- Integration with existing assessment workflows
- Clear governance for agent decision-making
- Establishing what business value looks like for your program
What This Means for Your Program: The Privacy Office can evolve from compliance cost center to business enabler of speed, efficiency and resilience. Agents can quantifiably increase consistency in review cycles and position privacy as a cross-functional business partner. Calculate your current outsourcing spend and review cycle times to build your business case.
2. Reducing Vendor Risk Bottlenecks
The Platform Update: Interactive copilots enabling vendor onboarding in minutes instead of months.
FLLR's Analysis: It's becoming increasingly common for clients to share that vendor onboarding is a black hole: 3+ months to navigate, one-size-fits-all regardless of vendor criticality. This isn't just an operational inconvenience; there are tangible financial and strategic costs.
Consider the revenue impact when vendor delays push back holiday marketing campaigns, product rollouts, or customer programs. Missing these windows means realized revenues slip by weeks if not months. The key is operationalizing your tech stack to move with the speed of business, not against it.
Implementation Requirements: Looking closely at the TPRM agent, the risk taxonomy including categorizations, weighting and criticality tiers requires careful management. The agent won't fix a weak vendor governance program. Your program foundations need stable architecture before agent efficiencies become real. This includes:
- Properly designed vendor inventories
- Defined risk taxonomies aligned to your business
- Automated control frameworks
- Clear escalation paths for high-risk vendors
What This Means for Your Program: Injecting a dedicated Third Party Risk agent into onboarding workflows can remove manual intervention for phase one due diligence, refocusing internal efforts on triaging actual risks across security, compliance and privacy. Architecting a durable, efficient and scalable vendor governance lifecycle drives innovation across all corporate functions. (Reference our Strategic Guide to TPRM: https://www.fllrconsulting.com/the-strategic-guide-to-tprm)
3. Data Platform Integration for Real-Time Compliance
The Platform Update: Direct integration with Databricks enabling auto-generated PIAs triggered by dataset changes.
FLLR's Analysis: Most organizations are modernizing their data platforms, with over half of Fortune 500 companies on Databricks alone. With Databricks' $4B+ annualized run rate growing at 50%+ YoY, the majority of enterprises are likely utilizing or evaluating their platform.
The challenge: privacy and governance controls lag behind data platform adoption. After-the-fact compliance naturally increases enterprise risk surface area. Datasets change faster than privacy and risk teams can assess, creating a persistent gap between data innovation and compliance.
Implementation Requirements: The new integration capabilities significantly strengthen the OneTrust-Databricks relationship, bridging the gap for compliant innovation. Success requires:
- Mapping existing data governance policies to privacy requirements
- Configuring automated PIA triggers appropriately
- Establishing clear ownership between data and privacy teams
- Building workflows that don't slow data velocity
What This Means for Your Program: For Databricks users, this represents the fastest path to automated privacy compliance. The platform can adapt to your data architecture evolution in real-time, eliminating lag between data changes and privacy assessments. For organizations not on Databricks, evaluate whether platform migration makes sense or if alternative integration strategies better serve your needs.
FLLR's Perspective: The Implementation Reality
Technology Alone Doesn't Create Advantage: Privacy technology is approaching an inflection point. The capabilities demonstrated in NYC weren't distant visions but proof points of how global enterprises can rearchitect operations. But here's the truth: technology itself doesn't create competitive advantage. Execution does.
What Success Actually Requires: Organizations that invest in expert, disciplined implementation see measurable results: long-term ROI, reduced regulatory exposure, and privacy operations that drive business outcomes rather than slow them down. This means:
- Strategic planning before implementation
- Custom configuration based on your specific requirements
- Ongoing optimization, not one-time setup
- Clear metrics for measuring value delivery
Join us at TrustWeek San Francisco
Come by our booth or coffee bar at TrustWeek SFO to chat about how these capabilities apply to your specific program challenges.
Haven't registered yet? Use code TW25FLLR at: https://www.onetrust.com/trustweek/san-francisco/
Resources:
- Strategic Guide to TPRM: https://www.fllrconsulting.com/the-strategic-guide-to-tprm
- 7-day AI Governance Email Course: https://fllr.kit.com/ai-governance-course
Connect with our team:
- Nik Fuller, CEO: [email protected]
- Dan Harms, Managing Partner: [email protected]
- Zack Meszaros, Account Director: [email protected]
- Andrew Stroefer, Account Director: [email protected]
FLLR Consulting: Unlocking business value from privacy tech.




