1 simple step to comply with EUDPD, GDPR, and other regulations

May 9th, 2017 / product and technology

Does your company require you to agree periodically to Terms and Conditions, Privacy Policies, EULAs and so forth? Do you need to comply with the EU Data Protection Directive, General Data Protection Regulation, California Online Privacy Protection Act, Canada Personal Information Protection and Electronic Documents Act, or other regulations?

If so, I have great news for you! We’re happy to announce a new feature joining our family. It enables our customers to require users to agree to terms and conditions before logging into the portal. We call this feature Custom Terms and Conditions.

Creative, I know.

What are terms and conditions and why are they important?

Terms and Conditions are a set of regulations which users must agree to in order to use a service. They often specify the rules, usage, and content disclosures provided by the owner. For example, let’s look at the EUDPD:

“collecting and processing the personal data of individuals is only legitimate in one of the following circumstances laid down by Article 7 of the Directive: Where the individual concerned, (the ‘data subject’), has unambiguously given his or her consent, after being adequately informed.”

Any company operating in the EU and collecting any kind of data is required to notify users of that collection and receive their explicit agreement. This requirement is not unique to the EU. As awareness of online privacy grows, we will see more requirements enforced around the world, like the EU’s GDPR, California’s COPPA, and Canada’s PIPEDA, to name a few. We could provide many other examples where websites or SaaS apps display their terms. We are here to make sure that we support our customers’ efforts in configuring and managing this type of requirement with urgency and ease.

Administrators can create multiple versions of the terms based on geographic location, department, job function, etc. and assign those to users via simple policies. When those conditions change or a user moves from one policy to another, OneLogin will automatically require users to agree to the updated terms. No action needs to be taken by the administrator.

Administrators can see which users have agreed to the terms and conditions, and which have not, in Activity > Events. You can create custom reports of who has accepted and who hasn’t, and stream acceptance events to Splunk, ELK, Sumo Logic, or any other SIEM that accepts data in JSON format.

OneLogin, as a company, is no different. We always strive to improve our internal processes. When I joined over a year ago, part of my onboarding process required me to agree to terms of use prior to gaining access to the portal. With this feature, new employees will get a frictionless experience and be able to get on with what really matters, while saving precious time for our IT team. They are no longer required to chase people down or send reminder emails to get those tasks completed.

As for all our customers out there - I invite you to read our product documentation on Terms and Conditions, and try it out for yourself. It’s one small step for IT, and one giant leap for compliance.

About the Author

Tal Herman is a Lead Product Manager for all things identity at OneLogin, focusing on core identity features and functionality with an emphasis on usability and simplicity. Prior to joining OneLogin, he spent 10 years building and helping enterprise customers deploy various identity and governance tools on premise and in the cloud.
