As a company founded on improving customer security and privacy, Onelogin has followed the progress of the European Union’s General Data Protection Regulation (GDPR) since the beginning.
One of the company’s goals is to be an early adopter of all regulations and frameworks that will strengthen the security and privacy of their customers. GDPR goes into effect May 25, 2018. After that, the EU warns, companies not in compliance will incur heavy fines. GDPR is designed to bring all the data privacy laws in Europe into harmony, and will replace the Data Protection Directive 95/46/EC. The EU wishes to protect the private data of all EU citizens.
Because of Onelogin’s traditional support of effective privacy frameworks, the company had little trouble aligning with the intent of GDPR. They did spend significant amounts of time diagramming the company’s data flows and mapping their data in great detail. However, this proved a valuable activity they recommend to every organization.
Onelogin has already incorporated GDPR contract language in their MSA and Data Processing Agreement with customers.
Onelogin is also complying with GDPR by retaining an independent legal counsel based within the EU to serve as their Data Protection Officer (DPO) per Articles 37-39.
The company anticipates that the new regulations will force the existence of new certifications and attestations related to GDPR compliance. Some existing providers have already adapted their current certifications to include GDPR compliance. Onelogin plans to undergo a thorough examination prior to May 2018 to make sure they meet every requirement before enforcement begins. However, they anticipate that, just as with the implementation of the Sarbanes-Oxley Act, it may take years for companies to learn exactly what the EU will require.
Thomas and Christian Pederson founded Onelogin in 2009. Prior to founding Onelogin, both brothers worked for Zendesk. From talking to Zendesk customers, they realized many companies experienced security problems when they migrated into the cloud. That gave them the idea to launch an identity and access management tool that was easy to use and secure. They produced their first product in 2010, and they have come out with many others since then.