The European Union's General Data Protection Regulation (GDPR) is on the radar of most companies, OneLogin included. The GDPR is a unique animal; the closest analogy is Sarbanes-Oxley in the 2000s.
While adopting the relevant frameworks and regulations is essential, below are the significant areas OneLogin is working on to strengthen its overall security and privacy posture. Some of these will be completed closer to May 2018.
Processes and Policies.
Their long-standing commitment to aligning with respected privacy frameworks has kept the effort minimal. Nevertheless, taking a "blank page" approach to redrawing data flows and building very detailed data mapping diagrams is an area on which they spent a fair amount of time. It was an essential exercise for discovering items that might otherwise have been overlooked.
Privacy requirements specific to contract language are part and parcel of many privacy and security frameworks, and GDPR is no exception. Contract language that needs to be crystal clear includes the following: data breach notification language (Article 34), data processor responsibilities toward data controllers (Article 28), and the use of subcontractors (Article 28).
The changes have been merged into the standard MSA and the Data Processing Agreement. They also work with customers to put in place the best language that works for all parties.
They had a sound plan for addressing the Data Protection Officer (DPO) requirement early on, although it was the Article 29 Working Party guidance (issued in late 2016) that provided practical direction and led to the best changes to their GDPR plans. They engage external independent legal counsel based in the EU to act as their DPO and meet the GDPR requirements (Articles 37-39).
Time and again, new regulations give rise to further attestations or certifications, and some existing audit providers are adapting their existing programs to cover GDPR. An independent review will be conducted closer to May 2018 to ensure that all ducks are in a row. A more official GDPR certification is also bound to crystallize over time (Article 42).
Learn more about OneLogin: https://bloghelpline.com/adding-value-enterprise-iam-single-sign-sso-with-services-like-onelogin/