U.S. Privacy Shield
The European Commission’s Directive on Data Protection went into effect in October of 1998, which will be replaced by the General Data Protection Regulation (GDPR) in 2018, prohibits the transfer of personal data to non-European Union countries that do not meet the European Union (EU) “adequacy” standard for privacy protection. In order to bridge differences in approach and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission originally developed a “Safe Harbor” framework, which has now been replaced with the U.S. Privacy Shield Framework. This requires annual self-certification under the program.
Note: EU Model Contract Clauses are also offered to all customers who want to have that in place as well.
What’s the primary purpose of this initiative?
The U.S. Privacy Shield Framework established a program to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. Registrants agree to certain requirements meant to safeguard this data.
What’s the scope?
OneLogin’s Privacy Program and its alignment with required privacy principles.
How often are you evaluated/audited?
An independent third party annually assesses our Privacy Notice and Privacy Program to verify alignment with the framework requirements. A self-certification is also submitted to the program for evaluation of our alignment with the requirements as well.
Who performs the evaluation/audit?
TRUSTe / U.S. Privacy Shield Program
Who is the primary audience?
Customers controlling European citizen data outside of the European Economic Area and other interested regulatory third parties.
Where can I get a copy of the report/certificate?
Third parties can verify that we are still in good standing with the U.S. Privacy Shield program by checking the program’s website.