In 27th April, 2016 the EU created the General Data Protection Regulation (GDPR), a law that ensures all EU residents’ data is protected. Additionally, the regulation also places restrictions on the transfer of personal data outside the EU. All companies handling data in the EU have to comply by 25th May, 2018. The law gives EU residents various rights that enable to manage their data. The regulation gives various protections to EU residents such as the right to erasure and data portability. Right to erasure ensures that any EU resident has the right to request that their data be erased from any company. Data portability ensures gives all EU residents the right to move their personal data from one electronic system to another.

OneLogin, Inc. is a US based company that provides businesses and organizations with identity and access management (IAM) services. All of OneLogin’s services are available on the cloud. The IAM services provided by OneLogin allow companies’ employees to securely access various devices and applications. OneLogin has a significant presence in the EU and it will be one of the companies operating under the GDPR. Complying with the GDPR is a difficult task as the regulation is like moving target with any advice from the EU being highly subjective.

According to Alvaro Hoyos, the head of compliance at OneLogin, the company has undertaken significant steps to ensure that they will be in compliance by May 2018. OneLogin did not have to make major changes to its network to be in compliance with the GDPR. This is due to OneLogin’s implementation of privacy frameworks that respect users’ data. However, the company still spent significant effort and time by reviewing all its data flows and data mappings from scratch. The data mapping requirement is spelt out in GDPR’s article 30 that states a company must keep a record of all data processing activities in the company. The GDPR also stipulates that any company handling data must have a Data Protection Officer (DPO). OneLogin is fulfilling this requirement by hiring an independent European counsel to serve as a dedicated DPO. OneLogin is confident that the company will meet the requirements imposed by the GDPR.

Learn more about OneLogin: