Christian and Thomas Pedersen founded OneLogin after recognizing the difficulties and security concerns clients faced when interacting with cloud technology. The idea was launched in 2010 as an identity and access management service that provides single sign-on, desktop authentication, web access management, and a cloud directory, among other services. The primary service element offered by OneLogin is the security of various vendor applications; companies can now manage their user identities with ease regardless of geographical location. Recent policies in the UK, for instance the General Data Protection Regulation (GDPR) by the European Union, arise out of concern for data security in an era of fast technological advancement. The policy is intended to protect data users and general customers of data-handling companies, including OneLogin. Although OneLogin has made previous efforts through its privacy and security program, its proposal on data processing after Safe Harbor was denied in 2015 in a report it submitted under the Generally Accepted Privacy Principles (GAPP).
In previous years, companies have sought to satisfy the privacy and security policies under the GDPR, but the authorities have always been a step ahead, mainly because the structure keeps changing and guidance releases advance rapidly. Currently, the Article 29 Working Party is working towards new guidelines that explicitly define the standards. As a result, companies strive to keep up with the regulations and new standards, hence OneLogin’s strategy of reorganizing fields to match the GDPR standards.
First, OneLogin intends to restructure the company’s data flows and include details in the data mapping diagrams to achieve clarity and transparency in its processes as they interact with external entities. Secondly, the MSA and data processing agreement now incorporate Article 34 and Article 28 of the GDPR, as a requirement for uniformity in language. In addition, OneLogin has turned to an external, independent legal counsel, based in the European Union, as the company’s Data Protection Officer (DPO). The company also intends to engage an independent review process to make sure all its processes adhere to the new policies and regulations, and hence to acquire an updated GDPR certification as per Article 42.