The new General Data Protection Regulation (“GDPR”), which replaces the European Commission’s Data Protection Directive, goes into effect in May 2018. Its goal is to unify EU privacy regulations and better protect EU citizens’ personal data both within and outside the EU. As a data processor, OneLogin is actively working on verifying that we meet all GDPR requirements, and we are also documenting how we can best support our customers, who are the data controllers.
What’s the primary purpose of this initiative?
As a data processor that handles EU citizen data both within and outside the EU, OneLogin is required to meet GDPR requirements.
What’s the scope?
OneLogin’s Privacy Program and its alignment with GDPR requirements.
How often are you evaluated/audited?
There is currently no certification process specific to GDPR, but our Privacy Program is evaluated periodically as part of SOC 2 Type 2 report audits, ISO 27018:2014 audits, U.S. Privacy Shield certification, and TRUSTe certification.
Who performs the evaluation/audit?
Armanino LLP performs the SOC 2 Type 2 audit; the TÜV NORD Group, which is accredited under DAkkS, performs the ISO 27018:2014 audit; and TrustArc performs the U.S. Privacy Shield and TRUSTe certification audits.
Who is the primary audience?
Customers who are going to be transferring EEA personal data to OneLogin.
Where can I get a copy of the report/certificate?
Customers and relevant third parties can request the latest SOC 2 Type 2 report from their Account Executive, Business Development, or Customer Success contact. The current ISO 27018:2014 certificate and links to U.S. Privacy Shield and TRUSTe compliance can be accessed from the menu on the left.