OneLogin: Pursuit of Readiness

OneLogin is an access management and cloud-based identity provider. Their primary focus is selling to organizations and businesses. The European Union’s General Data Protection Regulation (GDPR) is on OneLogin’s radar, and policies are being put into place to prevent any upcoming issues. OneLogin's goal is to be a prompt adopter of frameworks and regulations, thereby strengthening its privacy and security programs. The major areas they are working on are contract language, processes and policies, the Data Protection Officer (DPO), and trust.

Some contract language needed to be made clearer. That includes the following: subcontractor use, data breach notification language, and the accountability of data processors. They have put these into their regular Data Processing Agreement and standard MSA. OneLogin also offers customers the ability to work directly with them to get language priorities straightened out between the parties.

For processes and policies, OneLogin has taken a “blank page” approach. They are producing highly detailed data mapping illustrations and redrawing data flows within their programs. They used Article 30 for the diagrams, and found it to be a very useful exercise. This effort has been quite small, because OneLogin already lines up with valued privacy frameworks.

For the Data Protection Officer (DPO), they have found an external legal counsel in the EU to serve. The original plan fell through due to GDPR plans consistently changing. This was an example of the Article 29, issued in 2016.

OneLogin values trust. These new regulations will prompt new documentation and certifications. With Article 42, a more endorsed GDPR program will follow. They will also go back through existing programs, making sure those are up to GDPR standards.

Through all these security measures, OneLogin will make adjustments toward the GDPR requirements taking effect in 2018. They will continue their journey to becoming prompt adopters of regulations and frameworks. OneLogin will be looking into contract language, processes and policies, the DPO, and trust. They will make adjustments as necessary for the upcoming year.
