Like many companies, OneLogin is keeping watch on the European Union's General Data Protection Regulation (GDPR). OneLogin's goal is to adopt regulations and frameworks that strengthen their privacy program and overall security, not forgetting their customers. Much of this has always been about privacy: offering Data Processing Agreements after Safe Harbor was invalidated and becoming an early adopter of ISO 27018, among others.
GDPR is a bit different; for example, it is akin to Sarbanes-Oxley in the naughts. The major things that OneLogin is focusing and working on are listed and explained below. OneLogin believes that some of them will finish closer to May 2018.
Policies and Processes.
OneLogin took a "blank page" approach in order to redraw their data flows and build out very detailed data mapping diagrams. They did this because their privacy framework had made the effort very minimal; moreover, the exercise turned out to be very useful to them.
Privacy requirements specific to contract language are part of GDPR, and the contract areas that were supposed to be clear included use of subcontractors, data breach notification language, and the responsibility of data processors relative to data controllers.
OneLogin has included these changes in their standard MSA and Data Processing Agreement, and in addition they are ready to work with customers to get the right language for both parties.
Data Protection Officer (DPO).
OneLogin had a plan for addressing the DPO requirement, which was based on Article 29 Working Party guidance that forced the GDPR plans to change. To meet the GDPR requirements, they used independent external legal counsel based in the EU to serve as their DPO.
On the issue of trust, OneLogin decided to undergo an independent review closer to May 2018. They said that they would make sure they had all their ducks in a row and, most of all, that a more official GDPR certification is bound to crystallize.