The European Commission’s Directive on Data Protection went into effect in October of 1998, and would prohibit the transfer of personal data to non-European Union countries that do not meet the European Union (EU) “adequacy” standard for privacy protection. In order to bridge differences in approach and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce, in consultation with the European Commission, developed a “Safe Harbor” framework, which requires annual self-certification under the program.
Note: Safe Harbor is currently being revised to more closely align with EU data protection requirements. EU Model Contract Clauses are now offered as an alternative.
What’s the primary purpose of this initiative?
The Safe Harbor program established a framework to regulate the way that U.S. companies export and handle the personal data (such as names and addresses) of European citizens. Registrants agree to certain stipulations meant to safeguard this data.
What’s the scope?
OneLogin’s Privacy Program and its alignment with required privacy principles.
How often are you evaluated/audited?
Self-assessments are performed annually or when significant changes to the control environment occur.
Who performs the evaluation/audit?
Who is the primary audience?
Customers controlling European citizen data outside of the European Economic Area and other interested regulatory third parties.
Where can I get a copy of the report/certificate?
Third parties can verify that we are still in good standing with the Safe Harbor program by navigating to the OneLogin entry on the Safe Harbor website.